107 matches found
CVE-2026-54273
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...
CVE-2026-54273
CVE-2026-54273 (AIOHTTP) affects the AIOHTTP project (async HTTP client/server for asyncio and Python). Prior to version 3.14.1, there was no limit on the number of pipelined HTTP/1 requests that could be queued, enabling potential memory exhaustion and DoS. The issue is fixed in 3.14.1. The prov...
Astra Linux – Vulnerability in Waitress
Waitress version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value. If that value was not in the “chunked” format, it would proceed using the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, wit...
Astra Linux – Vulnerability in Twisted
In Twisted Web version 19.10.0, there was an HTTP request splitting vulnerability. When two content-length headers were provided, the system ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request...
GHSA-4FVR-RGM6-GQMC aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Summary: No limit was present on the number of pipelined requests that could be queued. Impact: An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. Patch:...
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Summary: No limit was present on the number of pipelined requests that could be queued. Impact: An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. Patch:...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the handling of HTTP/1 pipelined requests queue without a limit. An attacker can exhaust system memory by sending a large number of pipelined requests, potentially causing...
PT-2026-49587
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1. Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. The software lacked a limit on the number of pipelined requests that could be queued. An attacker could exploit this b...
Astra Linux – Vulnerability in Twisted
Twisted is an event-based framework for internet applications, compatible with Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, potentially leading to information disclosure. This vulnerability has been fixed in 24.7.0rc1...
HTTP Request Smuggling
Overview: io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in the HttpClientCodec component. An attacker can cause response...
MiracleLinux 7 : tomcat-7.0.76-3.el7 (AXSA:2017-2389:05)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2389:05 advisory. A vulnerability was discovered in Tomcat's handling of pipelined requests when Sendfile was used. If sendfile processing completed quickly, it was...
EUVD-2020-29509
Malware in sbrugna...
EUVD-2018-0526
Malicious code in bioql PyPI...
EUVD-2022-2183
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2017-5647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to...
Medium: python-twisted
Issue Overview: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This vulnerability is fixed in 24.7.0rc1...
OESA-2024-1983 python-twisted security update
Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: Twisted is an event-based framework for internet applications, supporting Python 3.6+. The HTTP 1.0 and 1...
SUSE: Security Advisory (SUSE-SU-2024:2860-1)
The remote host is missing an update for the...
SUSE-SU-2024:2860-1 Security update for python3-Twisted
This update for python3-Twisted fixes the following issues: - CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549) - CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552)...