VYPR

apk package

chainguard/checkov

pkg:apk/chainguard/checkov

Vulnerabilities (46)

  • CVE-2024-30251May 2, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process

  • CVE-2024-27306Apr 18, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files.

  • CVE-2024-23829MedJan 29, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr

  • CVE-2024-23334MedJan 29, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether

  • CVE-2024-22195MedJan 11, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` f

  • CVE-2024-22190HigJan 11, 2024
    affected < 3.0.34-r1fixed 3.0.34-r1

    GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those feat

Page 3 of 3