aiohttp 3.10.6 < 3.10.11 Memory Leak Vulnerability - Windows

aiohttp is prone to a memory leak vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:aio-libsproject:aiohttp";...

aioHTTP 3.10.6 < 3.10.11 Memory Leak

The version of aioHTTP installed on the remote host is prior to 3.10.11. It is, therefore, affected by a memory leak vulnerability. aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a...

CVE-2024-52304

A flaw was found in the aiohttp package. The Python parser parses newlines in chunk extensions incorrectly, which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed, for example, without the usual C extensions, or...

CVE-2024-52303

A flaw was found in the aiohttp package. A memory leak can occur in certain configurations when a request produces a MatchInfoError. This issue was caused by adding an entry to a cache on each request due to the building of each MatchInfoError producing a unique cache entry. An attacker may be ab...

DEBIAN-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

CVE-2024-52304 vulnerabilities

Vulnerabilities for packages: airflow, py3-cassandra-medusa, dask-gateway, checkov, py3-aiohttp, kserve...

AZL-53229 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

AZL-53232 CVE-2024-52304 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

UBUNTU-CVE-2024-52304

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...

act-workflow (>=4.8.2 <=4.8.399), ahserver (>=1.0.1 <=1.2.0) +120 more potentially affected by CVE-2024-52304 via aiohttp (>=3.0.0b0 <=3.10.10)

aiohttp PYPI version =3.0.0b0, =4.8.2, =1.0.1, =0.48.0, =0.60.2, =0.9.0, =0.9.0, =0.1.19, =24.8.0, =0.1.6, =0.9.0, =0.9.1 - atlan-application-sdk =1.0.1 - backend-ai =1.3.0 and more Source cves: CVE-2024-52304 Source advisory: SNYK:PYTHON-AIOHTTP-8383923...

GHSA-8495-4G3G-X7PR vulnerabilities

Vulnerabilities for packages: airflow, py3-cassandra-medusa, dask-gateway, checkov, py3-aiohttp, kserve...

GHSA-8495-4G3G-X7PR vulnerabilities

Vulnerabilities for packages: kserve, py3.10-vllm-cuda-11.8, request-1276, airflow, checkov, py3-cassandra-medusa, py3-aiohttp, dask-gateway, awx...

act-workflow (>=4.8.2 <=4.8.399), ahserver (>=1.0.1 <=1.2.0) +253 more potentially affected by CVE-2024-52304 via aiohttp (>=0.13.1 <=3.10.10)

aiohttp PYPI version =0.13.1, =4.8.2, =1.0.1, =0.48.0, =0.60.2, =0.9.0, =0.1.1, =0.9.2, =1.1.0, =0.2.3, =0.1.0, =3.2.4b1, =0.3.0, =0.5.1 and more Source cves: CVE-2024-52304 Source advisory: OSV:GHSA-8495-4G3G-X7PR...

aiohttp allows request smuggling due to incorrect parsing of chunk extensions

Summary The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker m...

GHSA-27MF-GHQM-J3J8 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

Summary A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact If the user is making use of any middlewares with aiohttp.web then it is...

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime by creating a unique cache entry for each MatchInfoError when a request method is not allowed. This can lead to unbounded cache growth, resulting in a memory leak. Remediation Upgrade...

aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

Summary A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. Impact If the user is making use of any middlewares with aiohttp.web then it is...

GHSA-27MF-GHQM-J3J8 vulnerabilities

Vulnerabilities for packages: py3.10-vllm-cuda-11.8, airflow, checkov, py3-aiohttp...

GHSA-27MF-GHQM-J3J8 vulnerabilities

Vulnerabilities for packages: airflow, checkov, py3-aiohttp...