VYPR

apk package

chainguard/py3.11-aiohttp

pkg:apk/chainguard/py3.11-aiohttp

Vulnerabilities (4)

  • CVE-2024-52304Nov 18, 2024
    affected < 3.10.11-r0fixed 3.10.11-r0

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai

  • CVE-2024-52303Nov 18, 2024
    affected < 3.10.11-r0fixed 3.10.11-r0

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the build

  • CVE-2024-23334Jan 29, 2024
    affected < 3.9.3-r0fixed 3.9.3-r0

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether

  • CVE-2024-23829Jan 29, 2024
    affected < 3.9.3-r0fixed 3.9.3-r0

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr