Aiohttp

Aiohttp

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.28%
  • Veröffentlicht 22.06.2026 16:41:20
  • Zuletzt bearbeitet 26.06.2026 19:37:48

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts...

  • EPSS 0.28%
  • Veröffentlicht 22.06.2026 16:40:23
  • Zuletzt bearbeitet 26.06.2026 19:35:51

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited reso...

  • EPSS 0.28%
  • Veröffentlicht 22.06.2026 16:38:38
  • Zuletzt bearbeitet 26.06.2026 19:27:51

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed pay...

  • EPSS 0.32%
  • Veröffentlicht 22.06.2026 16:37:28
  • Zuletzt bearbeitet 30.06.2026 18:11:07

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, it is possible to bypass the max_line_size check in parts of an HTTP request in the C parser. If using the optimised C parser (the default in pre-built w...

  • EPSS 0.18%
  • Veröffentlicht 22.06.2026 16:36:23
  • Zuletzt bearbeitet 30.06.2026 18:18:37

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or ...

  • EPSS 0.27%
  • Veröffentlicht 22.06.2026 16:34:56
  • Zuletzt bearbeitet 26.06.2026 19:36:20

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, the server_hostname TLS SNI check can be bypassed when an existing connection is reused. If an application makes multiple requests to the same domain, bu...

  • EPSS 0.31%
  • Veröffentlicht 22.06.2026 16:33:37
  • Zuletzt bearbeitet 26.06.2026 19:37:06

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is f...

  • EPSS 0.28%
  • Veröffentlicht 22.06.2026 16:32:45
  • Zuletzt bearbeitet 26.06.2026 19:36:03

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save() and then restored later with CookieJar.load() lose their host-only status. This vulnerability is f...

  • EPSS 0.3%
  • Veröffentlicht 22.06.2026 16:30:55
  • Zuletzt bearbeitet 26.06.2026 19:39:57

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.0, attacker-controlled input included into multipart/payload headers can be used to modify a request to inject additional headers or similar. In the unlikel...

  • EPSS 0.15%
  • Veröffentlicht 02.06.2026 18:32:50
  • Zuletzt bearbeitet 05.06.2026 13:39:20

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the `cookies` parameter on requests are sent after following a cross-origin redirect. If a developer uses the `cookies` paramete...