VYPR

rpm package

suse/python-aiohttp&distro=SUSE Linux Enterprise Module for Python 3 15 SP6

pkg:rpm/suse/python-aiohttp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6

Vulnerabilities (7)

  • CVE-2025-53643 (Jul 14, 2025)
    affected < 3.9.3-150400.10.33.1; fixed 3.9.3-150400.10.33.1

    AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed

  • CVE-2024-52304 (Nov 18, 2024)
    affected < 3.9.3-150400.10.27.1; fixed 3.9.3-150400.10.27.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of ai

  • CVE-2024-42367 (Aug 9, 2024)
    affected < 3.9.3-150400.10.24.1; fixed 3.9.3-150400.10.24.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path traversal outside the root director

  • CVE-2024-30251 (May 2, 2024)
    affected < 3.9.3-150400.10.30.1; fixed 3.9.3-150400.10.30.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process

  • CVE-2024-27306 (Apr 18, 2024)
    affected < 3.9.3-150400.10.21.1; fixed 3.9.3-150400.10.21.1

    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files.

  • CVE-2023-28859 (Mar 26, 2023)
    affected < 3.9.3-150400.10.18.4; fixed 3.9.3-150400.10.18.4

    redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request. (This could, for example, happen for a non-pipeline operation.) NOTE: the solutio

  • CVE-2023-28858 (Mar 26, 2023)
    affected < 3.9.3-150400.10.18.4; fixed 3.9.3-150400.10.18.4

    redis-py before 4.5.3 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data to the client of an unrelated request in an off-by-one manner. NOTE: this CVE Record was initially created in response to reports about ChatGPT