SUSE-SU-2024:4110-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447...

[SECURITY] Fedora 41 Update: python-aiohttp-3.10.5-3.fc41

Python HTTP client/server for asyncio which supports both the client and the server side of the HTTP protocol, client and server websocket, and webservers with middlewares and pluggable routing...

Fedora 41 : python-aiohttp (2024-49df7093ac)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-49df7093ac advisory. Security fix for CVE-2024-52304 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora: Security Advisory (FEDORA-2024-04ceb82dc7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora 40 : python-aiohttp (2024-04ceb82dc7)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-04ceb82dc7 advisory. Security fix for CVE-2024-52304 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

SUSE-SU-2024:4077-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions bsc1233447...

Fedora 41 : python-aiohttp (2024-c4a71dab58)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-c4a71dab58 advisory. Automatic update for python-aiohttp-3.9.5-1.fc41. Changelog Fri Apr 19 2024 Benjamin A. Beasley - 3.9.5-1 - Update to 3.9.5 fix RHBZ2275991, fix CVE-2024-273...

Fedora 41 : llhttp / python-aiohttp (2024-8deaadd998)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-8deaadd998 advisory. Update llhttp to 9.2.1, fixing CVE-2024-27982. Backport llhttp 9.2.1 support to python-aiohttp 3.9.3. Tenable has extracted the preceding description block...

Fedora: Security Advisory (FEDORA-2023-d5bd6b62e4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-f2bb9ee617)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2023-ad76deb86e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-6991-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6991-1: AIOHTTP vulnerability

It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...

USN-6991-1 python-aiohttp vulnerability

It was discovered that AIOHTTP did not properly restrict file access when the 'followsymlinks' option was set to True. A remote attacker could possibly use this issue to access unauthorized files on the system...

AZL-47754 CVE-2024-42367 affecting package python-aiohttp 3.6.2-3

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants .gz or .br extension are vulnerable to path traversal outside the root directory if those variants are...

Mageia: Security Advisory (MGASA-2024-0235)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

MGASA-2024-0235 Updated python-aiohttp packages fix security vulnerability

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server e.g. nginx for serving static files. Users following th...

SUSE-SU-2024:1866-1 Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: - CVE-2024-27306: Fixed XSS on index pages for static file handling bsc1223098...

Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f83b123d63)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...