rpm package
suse/python-aiohttp&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP3
pkg:rpm/suse/python-aiohttp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP3
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-53643 | — | | | < 3.6.0-150100.3.27.1 | 3.6.0-150100.3.27.1 | Jul 14, 2025 | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed |
| CVE-2024-52304 | — | | | < 3.6.0-150100.3.18.1 | 3.6.0-150100.3.18.1 | Nov 18, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai |
| CVE-2024-30251 | — | | | < 3.6.0-150100.3.21.1 | 3.6.0-150100.3.21.1 | May 2, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process |
| CVE-2024-27306 | — | | | < 3.6.0-150100.3.24.1 | 3.6.0-150100.3.24.1 | Apr 18, 2024 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. |
| CVE-2023-49081 | — | | | < 3.6.0-150100.3.15.1 | 3.6.0-150100.3.15.1 | Nov 30, 2023 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability |
| CVE-2023-47641 | — | | | < 3.6.0-150100.3.12.1 | 3.6.0-150100.3.12.1 | Nov 14, 2023 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En |
| CVE-2021-21330 | — | | | < 3.6.0-150100.3.9.1 | 3.6.0-150100.3.9.1 | Feb 26, 2021 | aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a different website. It is caused by a |