Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
aiohttp aiohttp vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-4956
Servers vulnerable to CVE-2024-4956 Kinda funny how many servers run sonatype as root I have excluded all servers running the docker image
5 Github repositories
NA
CVE-2024-30251
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process ...
NA
CVE-2024-27306
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. A XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. nginx) for serving static files....
NA
CVE-2024-23334
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determi...
Aiohttp Aiohttp
Fedoraproject Fedora 39
6 Github repositories
1 Article
NA
CVE-2024-23829
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to pr...
Aiohttp Aiohttp
Fedoraproject Fedora 39
NA
CVE-2023-49081
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an malicious user to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerab...
Aiohttp Aiohttp
NA
CVE-2023-49082
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an malicious user to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulner...
Aiohttp Aiohttp
NA
CVE-2023-47627
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt whe...
Aiohttp Aiohttp
NA
CVE-2023-47641
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-En...
Aiohttp Aiohttp
NA
CVE-2023-37276
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and previous versions are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a whee...
Aiohttp Aiohttp
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »