VYPR

rpm package

suse/python-aiohttp&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP3

pkg:rpm/suse/python-aiohttp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3

Vulnerabilities (7)

  • CVE-2025-53643 - Jul 14, 2025
    affected < 3.6.0-150100.3.27.1, fixed 3.6.0-150100.3.27.1

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed

  • CVE-2024-52304 - Nov 18, 2024
    affected < 3.6.0-150100.3.18.1, fixed 3.6.0-150100.3.18.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai

  • CVE-2024-30251 - May 2, 2024
    affected < 3.6.0-150100.3.21.1, fixed 3.6.0-150100.3.21.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process

  • CVE-2024-27306 - Apr 18, 2024
    affected < 3.6.0-150100.3.24.1, fixed 3.6.0-150100.3.24.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files.

  • CVE-2023-49081 - Nov 30, 2023
    affected < 3.6.0-150100.3.15.1, fixed 3.6.0-150100.3.15.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability

  • CVE-2023-47641 - Nov 14, 2023
    affected < 3.6.0-150100.3.12.1, fixed 3.6.0-150100.3.12.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Content-Length (CL) and Transfer-En

  • CVE-2021-21330 - Feb 26, 2021
    affected < 3.6.0-150100.3.9.1, fixed 3.6.0-150100.3.9.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a