1128 matches found
CVE-2024-23829
CVE-2024-23829 affects aiohttp (Python HTTP client/server). The issue stems from lenient HTTP parsing in security-sensitive parts of the parser, which could fail to robustly match frame boundaries and allow request smuggling, and may trigger unhandled exceptions leading to resource exhaustion. Co...
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against...
aiohttp is vulnerable to directory traversal
Summary Improperly configuring static resource resolution in aiohttp when used as a web server can result in the unauthorized reading of arbitrary files on the system. Details When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static...
GHSA-5H86-8MV2-JQ9F aiohttp is vulnerable to directory traversal
Summary Improperly configuring static resource resolution in aiohttp when used as a web server can result in the unauthorized reading of arbitrary files on the system. Details When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static...
GHSA-5H86-8MV2-JQ9F vulnerabilities
Vulnerabilities for packages: py3-aiohttp, py3-cassandra-medusa, checkov, py3.13-scanner-test-libraries-aiohttp...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42773 more potentially affected by CVE-2024-23334 via aiohttp (>=1.0.5 <=3.9.1)
aiohttp PYPI version =1.0.5, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23334 Source advisory: OSV:GHSA-5H86-8MV2-JQ9F...
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...
GHSA-8QPW-XQXJ-H4R2 vulnerabilities
Vulnerabilities for packages: py3-aiohttp, py3-cassandra-medusa, checkov...
GHSA-8QPW-XQXJ-H4R2 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Summary Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42782 more potentially affected by CVE-2024-23829 via aiohttp (>=0.13.1 <=3.9.1)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2024-23829 Source advisory: OSV:GHSA-8QPW-XQXJ-H4R2...
aiohttp path traversal vulnerability
aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A path traversal vulnerability exists in aiohttp versions prior to 3.9.2, which stems from the fact that when follow_symlinks is set to True, no checks are made to see if the file being read is located in t...
PT-2024-1488 · Pypi +6 · Aiohttp +6
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.9.2 Description: The issue is related to the Python HTTP parser in aiohttp, which has minor differences in allowable character sets. This could trigger error handling and assist in request smuggling, depending on t...
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option ‘follow_symlinks’ can be used to determine whether to follow symboli...
SUSE-SU-2024:0168-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: Updated to version 3.8.6: - CVE-2023-49082: Fixed an HTTP header injection via a crafted method bsc1217682...