4 matches found
Python Library aiohttp < 3.14.0 Header Injection
The version of the aiohttp Python library installed on the remote host is prior to 3.14.0. It is, therefore, affected by a vulnerability: - Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. I...
CVE-2026-50269
A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF Carriage Return Line Feed injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled...
CVE-2026-50269
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikely situation that an application is passing...
PT-2026-49564
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.0 Description Attacker-controlled input included in multipart/payload headers can be used to modify a request to inject additional headers or change the request contents. This occurs when an application passes...