8 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-47641
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the...
openSUSE Security Advisory (SUSE-SU-2024:0577-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp, python-time-machine (SUSE-SU-2024:0577-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0577-1 advisory. python-aiohttp was updated to version 3.9.3: Fixed backwards compatibility breakage in 3.9.2 of...
SUSE: Security Advisory (SUSE-SU-2024:0577-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15 / openSUSE 15 Security Update : python-aiohttp (SUSE-SU-2023:4909-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4909-1 advisory. - CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the...
SUSE-SU-2023:4909-1 Security update for python-aiohttp
This update for python-aiohttp fixes the following issues: - CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if content-length and transport-encoding are in the same header with transport-encoding value of 'chunked' bsc1217174...
01os (>=0.0.1 <=0.0.14), 0b1-protocol (>=0.1.0 <=0.1.3) +42410 more potentially affected by CVE-2023-47641 via aiohttp (>=0.13.1 <=3.7.4.post0)
aiohttp PYPI version =0.13.1, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =1.0.0, =0.1.0, =0.1.1, =0.1.2, =0.1.3 - 1942pyc =7.0.1 and more Source cves: CVE-2023-47641 Source advisory: OSV:PYSEC-2023-247...
CVE-2023-47641
CVE-2023-47641 affects aiohttp (Python), where HTTP/1.1 handling can misinterpret requests when both Content-Length and Transfer-Encoding headers are present. The vendor describes a PoC using a reverse proxy that accepts both headers, with aiohttp backend treating chunked input as valid and Conte...