CVE-2023-47641
- EPSS 0.14%
- Published 14.11.2023 21:15:13
- Last modified 21.11.2024 08:30:35
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Cont...
CVE-2023-47627
- EPSS 0.18%
- Published 14.11.2023 21:15:12
- Last modified 21.11.2024 08:30:33
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enable...
CVE-2023-37276
- EPSS 5.78%
- Published 19.07.2023 20:15:10
- Last modified 21.11.2024 08:11:22
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when in...
CVE-2022-33124
- EPSS 0.21%
- Published 23.06.2022 17:15:14
- Last modified 21.11.2024 07:07:34
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many ...
CVE-2021-21330
- EPSS 0.49%
- Published 26.02.2021 03:15:12
- Last modified 21.11.2024 05:48:02
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In aiohttp before version 3.7.4 there is an open redirect vulnerability. A maliciously crafted link to an aiohttp-based web-server could redirect the browser to a differe...