5 matches found
CVE-2026-54279
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...
CVE-2026-54279
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...
SUSE-SU-2026:22173-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues - CVE-2026-22815: insufficient header/trailer handling can cause a denial of service bsc1261320. - CVE-2026-34513: unbounded DNS cache can cause a denial of service bsc1261321. - CVE-2026-34514: contenttype parameter manipulation can lead ...
PT-2026-46099
Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...
DEBIAN-CVE-2021-21289
Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...