VYPR

rpm package

suse/python-aiohttp&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP1

pkg:rpm/suse/python-aiohttp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1

Vulnerabilities (5)

  • CVE-2023-49081Nov 30, 2023
    affected < 3.6.0-150100.3.15.1fixed 3.6.0-150100.3.15.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability

  • CVE-2023-47641Nov 14, 2023
    affected < 3.6.0-150100.3.12.1fixed 3.6.0-150100.3.12.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En

  • CVE-2021-21330Feb 26, 2021
    affected < 3.6.0-150100.3.9.1fixed 3.6.0-150100.3.9.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a

  • CVE-2020-14343Feb 9, 2021
    affected < 3.4.4-3.3.3fixed 3.4.4-3.3.3

    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrust

  • CVE-2020-25659Jan 11, 2021
    affected < 3.4.4-3.3.3fixed 3.4.4-3.3.3

    python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.