180 matches found
GHSA-JG22-MG44-37J8 AIOHTTP is Vulnerable to Deserialization of Untrusted Data
Summary: Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact: Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround: If an application does allow attacker controlled files to be...
Linux Distros Unpatched Vulnerability : CVE-2026-34993
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow...
CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
DEBIAN-CVE-2026-34993
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
CVE-2026-34993 AIOHTTP Vulnerable to Deserialization of Untrusted Data
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using CookieJar.load with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with the user's own data, so this is unlikely to affect man...
Astra Linux - vulnerability in node-tough-cookie
Versions of the tough-cookie package before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in the rejectPublicSuffixes=false mode. This issue arises from the way in which the objects are initialized...
Astra Linux - vulnerability in pypy
In the http.cookiejar.py module of Python, prior to version 3.7.3, the domain validation mechanism was not properly implemented. This vulnerability could allow existing cookies to be sent to the wrong server. Attackers could exploit this flaw by using a server whose hostname contains another vali...
RHCOS 4 / 9 : OpenShift Container Platform 4.16.0 (RHSA-2024:0045)
The remote Red Hat Enterprise Linux CoreOS 4 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0045 advisory. - dnspython: denial of service in stub resolver CVE-2023-29483 - golang: net/http/cookiejar: incorrect forwarding of sensitive...
Astra Linux - vulnerability in node-cookiejar
Versions of the package cookiejar before 2.1.4 are vulnerable to Regular Expression Denial of Service (ReDoS) attacks through the Cookie.parse function, which uses an insecure regular expression...
MiracleLinux 8 : go-toolset:rhel8 (AXSA:2024-8389:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8389:01 advisory. golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS CVE-2023-45288 golang: net/http/cookiejar: incorrect forwarding of...
MiracleLinux 9 : delve-1.21.2-2.el9, golang-1.21.9-2.el9 (AXSA:2024-7759:01)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7759:01 advisory. golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in...
Malicious code in elf-stats-candystriped-cookiejar-799 (npm)
Source: amazon-inspector fbbf7ed5d3634a4e8b673192561ea10cd7e0233c102954146734b56f323ecb86 The package elf-stats-candystriped-cookiejar-799 was found to contain malicious code...
EUVD-2025-202795
Malicious code in elf-stats-merry-cookiejar-796 npm...
MAL-2025-192475 Malicious code in elf-stats-candystriped-cookiejar-799 (npm)
Source: amazon-inspector fbbf7ed5d3634a4e8b673192561ea10cd7e0233c102954146734b56f323ecb86 The package elf-stats-candystriped-cookiejar-799 was found to contain malicious code...
EUVD-2025-202772
Malicious code in elf-stats-tinsel-cookiejar-315 npm...
MAL-2025-192514 Malicious code in elf-stats-merry-cookiejar-796 (npm)
Source: amazon-inspector 2fbb603745bee341c6e65e345d4e8e33ec8b79e8822ead3250724c465af9bb37 The package elf-stats-merry-cookiejar-796 was found to contain malicious code...
MAL-2025-192537 Malicious code in elf-stats-tinsel-cookiejar-315 (npm)
Source: amazon-inspector 5cb5a41cb9f38fc95c97f1aa8e149a7213f2b278c4a54cd53866d61d11941615 The package elf-stats-tinsel-cookiejar-315 was found to contain malicious code...