89 matches found
[SECURITY] Fedora 42 Update: GitPython-3.1.50-1.fc42
GitPython is a python library used to interact with git repositories, high-level like git-porcelain, or low-level like git-plumbing. It provides abstractions of git objects for easy access of repository data, a nd additionally allows you to access the git repository more directly using eith er a...
CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
[SECURITY] Fedora 42 Update: python-diskcache-5.6.3-12.fc42
DiskCache is an Apache2 licensed disk and file backed cache library, written in pure-Python, and compatible with Django...
[SECURITY] Fedora 44 Update: python-diskcache-5.6.3-12.fc44
DiskCache is an Apache2 licensed disk and file backed cache library, written in pure-Python, and compatible with Django...
EulerOS Virtualization 2.12.1 : protobuf (EulerOS-SA-2026-1454)
According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of...
Huawei EulerOS: Security Advisory for protobuf (EulerOS-SA-2026-1511)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Protobuf Pure-Python backend can be corrupted by exceeding the Python recursion limit
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashin...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
aiohttp: AIOHTTP HTTP Request/Response Smuggling
A request smuggling flaw was found in the aiohttp python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTPNOEXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...
CVE-2025-69224
A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. A remote attacker could exploit this vulnerability by sending requests containing non-ASCII characters to the Python HTTP parser. This could lead to a request smuggling attack, allowing the attacker to bypass...
DEBIAN-CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
AZL-73497 CVE-2025-69224 affecting package python-aiohttp 3.6.2-3
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
UBUNTU-CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
CVE-2025-69224
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...
AIOHTTP's unicode processing of header values could cause parsing discrepancies
Summary The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the unicode processing of HTTP header values. An attacker can bypass firewall or proxy protections by sending requests containing non-ASCII characters. Note: This is only exploitable if C extensions are not in...
GHSA-69F9-5GXW-WVC2 AIOHTTP's unicode processing of header values could cause parsing discrepancies
Summary The Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. Impact If a pure Python version of aiohttp is installed i.e. without the usual C extensions or AIOHTTPNOEXTENSIONS is enabled, then an attacker may be able to execute a request smuggling...
CVE-2025-69224
AIOHTTP (Python) vulnerability CVE-2025-69224 affects versions 3.13.2 and below of the Python HTTP parser. The issue arises from how non-ASCII characters may enable a request smuggling attack, potentially bypassing firewalls or proxy protections when a pure-Python build is used or AIOHTTP_NO_EXTE...
CVE-2025-69224 AIOHTTP's Unicode processing of header values could cause parsing discrepancies
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...