VYPR

rpm package

opensuse/python-aiohttp&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-aiohttp&distro=openSUSE%20Tumbleweed

Vulnerabilities (26)

  • CVE-2024-27306 (Apr 18, 2024)
    affected < 3.9.5-2.1, fixed 3.9.5-2.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files.

  • CVE-2024-23334 (Jan 29, 2024)
    affected < 3.9.3-1.1, fixed 3.9.3-1.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether

  • CVE-2023-49081 (Nov 30, 2023)
    affected < 3.9.3-2.1, fixed 3.9.3-2.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability

  • CVE-2023-47627 (Nov 14, 2023)
    affected < 3.9.0-1.1, fixed 3.9.0-1.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt whe

  • CVE-2023-47641 (Nov 14, 2023)
    affected < 3.9.3-2.1, fixed 3.9.3-2.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-En

  • CVE-2021-21330 (Feb 26, 2021)
    affected < 3.8.5-2.1, fixed 3.8.5-2.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a

Page 2 of 2