apk package
chainguard/py3.11-aiohttp
pkg:apk/chainguard/py3.11-aiohttp
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-52304 | — | < 3.10.11-r0 | 3.10.11-r0 | Nov 18, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai | ||
| CVE-2024-52303 | — | < 3.10.11-r0 | 3.10.11-r0 | Nov 18, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the build | ||
| CVE-2024-23334 | — | < 3.9.3-r0 | 3.9.3-r0 | Jan 29, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether | ||
| CVE-2024-23829 | — | < 3.9.3-r0 | 3.9.3-r0 | Jan 29, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr |
- CVE-2024-52304Nov 18, 2024affected < 3.10.11-r0fixed 3.10.11-r0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai
- CVE-2024-52303Nov 18, 2024affected < 3.10.11-r0fixed 3.10.11-r0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the build
- CVE-2024-23334Jan 29, 2024affected < 3.9.3-r0fixed 3.9.3-r0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether
- CVE-2024-23829Jan 29, 2024affected < 3.9.3-r0fixed 3.9.3-r0
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr