1131 matches found
SUSE CVE-2025-53643
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
DEBIAN-CVE-2025-53643
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
AZL-65256 CVE-2025-53643 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
AZL-65252 CVE-2025-53643 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
UBUNTU-CVE-2025-53643
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643
CVE-2025-53643 (aiohttp) : Prior to 3.12.14, the Python parser is vulnerable to HTTP request smuggling due to not parsing trailer sections. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker may smuggle requests to bypass certain firewalls/proxy protections. Th...
CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed i.e. without the...
aba-cli-scrapper (>=0.1.1 <=0.1.6), academic-metrics (>=0.1.0b0 <=1.0.99) +911 more potentially affected by CVE-2025-53643 via aiohttp (>=3.0.0b0 <=3.12.13)
aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =56.0.0, =0.1.0, =0.1.31, =1.0.1, =1.2.0 - ahttp-client =1.0.3 and more Source cves: CVE-2025-53643 Source advisory: SNYK:PYTHON-AIOHTTP-10742466...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via incorrect parsing of the trailer section in HTTP requests. An attacker can bypass firewall or proxy protections by crafting specially formed HTTP requests. Note: This is exploitable if the pure Python version ...
AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
Summary The Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execu...
aba-cli-scrapper (>=0.1.1 <=0.1.6), academic-metrics (>=0.1.0b0 <=1.0.99) +1040 more potentially affected by CVE-2025-53643 via aiohttp (>=0.13.1 <=3.12.13)
aiohttp PYPI version =0.13.1, =0.1.1, =0.1.0b0, =1.1.0, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =56.0.0, =0.1.0, =0.1.31, =1.0.1, =1.2.0 - ahttp-client =1.0.3 and more Source cves: CVE-2025-53643 Source advisory: OSV:GHSA-9548-QRRJ-X5PJ...
PT-2025-29512
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.12.14 Description: AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, contains an issue where the Python parser does not correctly parse trailer sections of an HTTP request. This can allo...
aiohttp 环境问题漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. An environment issue vulnerability exists in aiohttp versions prior to 3.12.14, which stems from the presence of request smuggling in the Python parser, which could lead to...
TencentOS Server 4: python-aiohttp (TSSA-2025:0208)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0208 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
TencentOS Server 4: python-aiohttp (TSSA-2024:0266)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0266 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
Fedora: Security Advisory (FEDORA-2024-8deaadd998)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...