Latest aiohttp aiohttp Vulnerabilities

CVE-2024-23334
aiohttp.web.static(follow_symlinks=True) is vulnerable to directory traversal
Aiohttp Aiohttp>=1.0.5<3.9.2
Fedoraproject Fedora=39
pip/aiohttp>=1.0.5<3.9.2
redhat/aiohttp<3.9.2
CVE-2024-23829
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Aiohttp Aiohttp<3.9.2
Fedoraproject Fedora=39
pip/aiohttp<3.9.2
redhat/aiohttp<3.9.2
CVE-2023-49081
aiohttp's ClientSession is vulnerable to CRLF injection via version
Aiohttp Aiohttp<3.9.0
pip/aiohttp<3.9.0
redhat/aiohttp<3.9.0
CVE-2023-49082
aiohttp's ClientSession is vulnerable to CRLF injection via method
Aiohttp Aiohttp<3.9.0
pip/aiohttp<3.9.0
redhat/aiohttp<3.9.0
CVE-2023-47627
Request smuggling in aiohttp
Aiohttp Aiohttp<3.8.6
pip/aiohttp<3.8.6
redhat/aiohttp<3.8.6
CVE-2023-47641
Inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` in aiohttp
pip/aiohttp<3.8.0
Aiohttp Aiohttp<3.8.0
CVE-2023-37276
### Impact aiohttp v3.8.4 and earlier are [bundled with llhttp v6.0.6](https://github.com/aio-libs/aiohttp/blob/v3.8.4/.gitmodules) which is vulnerable to CVE-2023-30589. The vulnerable code is used ...
Aiohttp Project Aiohttp<=3.8.4
pip/aiohttp<=3.8.4
Aiohttp Aiohttp<=3.8.4
redhat/aiohttp<3.8.5
CVE-2022-33124
** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no examp...
Aiohttp Project Aiohttp=3.8.1
=3.8.1
CVE-2021-21330
### Impact Open redirect vulnerability — a maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a bug in the `aiohttp.web_middle...
pip/aiohttp<3.7.4
Aiohttp Aiohttp<3.7.4
Debian Debian Linux=10.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Aiohttp Project Aiohttp<3.7.4
and 2 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203