rpm package
opensuse/python-aiohttp&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-aiohttp&distro=openSUSE%20Tumbleweed
Vulnerabilities (26)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27306 | — | | | < 3.9.5-2.1 | 3.9.5-2.1 | Apr 18, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. |
| CVE-2024-23334 | — | | | < 3.9.3-1.1 | 3.9.3-1.1 | Jan 29, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether |
| CVE-2023-49081 | — | | | < 3.9.3-2.1 | 3.9.3-2.1 | Nov 30, 2023 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability |
| CVE-2023-47627 | — | | | < 3.9.0-1.1 | 3.9.0-1.1 | Nov 14, 2023 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt whe |
| CVE-2023-47641 | — | | | < 3.9.3-2.1 | 3.9.3-2.1 | Nov 14, 2023 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En |
| CVE-2021-21330 | — | | | < 3.8.5-2.1 | 3.8.5-2.1 | Feb 26, 2021 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a |