Aiohttp

Aiohttp

33 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2026-34525

  • EPSS 0.13%
  • Veröffentlicht 01.04.2026 20:28:46
  • Zuletzt bearbeitet 16.04.2026 16:21:56

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.

9.1

CVE-2026-34520

  • EPSS 0.06%
  • Veröffentlicht 01.04.2026 20:27:48
  • Zuletzt bearbeitet 16.04.2026 16:24:37

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in versi...

5.3

CVE-2026-34519

  • EPSS 0.04%
  • Veröffentlicht 01.04.2026 20:26:25
  • Zuletzt bearbeitet 16.04.2026 16:28:04

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has be...

5.3

CVE-2026-34518

  • EPSS 0.04%
  • Veröffentlicht 01.04.2026 20:15:22
  • Zuletzt bearbeitet 16.04.2026 16:35:08

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. T...

5.3

CVE-2026-34517

  • EPSS 0.06%
  • Veröffentlicht 01.04.2026 20:14:15
  • Zuletzt bearbeitet 15.04.2026 13:54:53

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version...

7.5

CVE-2026-34516

  • EPSS 0.06%
  • Veröffentlicht 01.04.2026 20:13:04
  • Zuletzt bearbeitet 15.04.2026 13:57:47

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerabilit...

7.5

CVE-2026-34515

  • EPSS 0.07%
  • Veröffentlicht 01.04.2026 20:10:48
  • Zuletzt bearbeitet 15.04.2026 14:08:02

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.

5.3

CVE-2026-34514

  • EPSS 0.04%
  • Veröffentlicht 01.04.2026 20:09:50
  • Zuletzt bearbeitet 15.04.2026 14:13:42

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been pa...

7.5

CVE-2026-22815

  • EPSS 0.06%
  • Veröffentlicht 01.04.2026 20:08:08
  • Zuletzt bearbeitet 06.04.2026 16:48:48

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.

7.5

CVE-2026-34513

  • EPSS 0.06%
  • Veröffentlicht 01.04.2026 20:06:13
  • Zuletzt bearbeitet 15.04.2026 14:16:06

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been patched in version 3.13....