1128 matches found
DEBIAN-CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
UBUNTU-CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304 aiohttp vulnerable to request smuggling due to incorrect parsing of chunk extensions
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installe...
CVE-2024-52304
CVE-2024-52304 – aiohttp request-smuggling vulnerability : Prior to 3.10.11, aiohttp’s Python parser mishandled newlines in chunk extensions, enabling a request-smuggling condition under certain scenarios. If a pure-Python build (no C extensions) or AIOHTTP_NO_EXTENSIONS is used, an attacker coul...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303
CVE-2024-52303 affects aiohttp (async HTTP framework for Python/asyncio): memory leak when a request produces a MatchInfoError, caused by a per-request cache entry created during MatchInfoError construction. This can enable memory exhaustion on the server under high request rates (hundreds of tho...
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
CVE-2024-52303 aiohttp memory leak when middleware is enabled when requesting a resource with a non-allowed method
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp version 3.10.6 through versions prior to 3.10.11, which stems from the presence of a memory leak, where an attacker may be able to exhau...
aiohttp 安全漏洞
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.10.11 and earlier versions, which stems from the Python parser incorrectly parsing line breaks in block extensions, potentially leadin...
PT-2024-8691 · Aiohttp · Aiohttp
Name of the Vulnerable Software and Affected Versions: aiohttp versions 3.10.6 through 3.10.10 Description: A memory leak can occur when a request produces a MatchInfoError. This issue is caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a...
Exploit for Path Traversal in Aiohttp
LFI-aiohttp-CVE-2024-23334-PoC A Bash script to automate Loca...
Fedora 41 : python-aiohttp (2024-c4a71dab58)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c4a71dab58 advisory. Automatic update for python-aiohttp-3.9.5-1.fc41. Changelog Fri Apr 19 2024 Benjamin A. Beasley - 3.9.5-1 - Update to 3.9.5 fix RHBZ2275991, fix CVE-2024-273...
Fedora 41 : llhttp / python-aiohttp (2024-8deaadd998)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8deaadd998 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...
Exploit for Path Traversal in Aiohttp
Path Traversal PoC CVE-2024-23334 Este script es una prueba...
Exploit for Path Traversal in Aiohttp
CVE-2024-23334 Proof-of-Concept for LFI/Path Traversal vulner...