CVE-2026-34993
- EPSS 0.13%
- Veröffentlicht 02.06.2026 18:29:15
- Zuletzt bearbeitet 10.07.2026 12:16:42
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, using ``CookieJar.load()`` with untrusted input may allow arbitrary code execution. Most applications using this function will be doing so with t...
CVE-2026-34525
- EPSS 0.29%
- Veröffentlicht 01.04.2026 20:28:46
- Zuletzt bearbeitet 16.04.2026 16:21:56
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.
CVE-2026-34520
- EPSS 0.46%
- Veröffentlicht 01.04.2026 20:27:48
- Zuletzt bearbeitet 16.04.2026 16:24:37
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in versi...
CVE-2026-34519
- EPSS 0.29%
- Veröffentlicht 01.04.2026 20:26:25
- Zuletzt bearbeitet 16.04.2026 16:28:04
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has be...
CVE-2026-34518
- EPSS 0.34%
- Veröffentlicht 01.04.2026 20:15:22
- Zuletzt bearbeitet 16.04.2026 16:35:08
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie and Proxy-Authorization headers. T...
CVE-2026-34517
- EPSS 0.38%
- Veröffentlicht 01.04.2026 20:14:15
- Zuletzt bearbeitet 15.04.2026 13:54:53
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has been patched in version...
CVE-2026-34516
- EPSS 0.44%
- Veröffentlicht 01.04.2026 20:13:04
- Zuletzt bearbeitet 15.04.2026 13:57:47
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially allowing a DoS vulnerabilit...
CVE-2026-34515
- EPSS 0.43%
- Veröffentlicht 01.04.2026 20:10:48
- Zuletzt bearbeitet 15.04.2026 14:08:02
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in version 3.13.4.
CVE-2026-34514
- EPSS 0.32%
- Veröffentlicht 01.04.2026 20:09:50
- Zuletzt bearbeitet 15.04.2026 14:13:42
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits. This issue has been pa...
CVE-2026-22815
- EPSS 0.44%
- Veröffentlicht 01.04.2026 20:08:08
- Zuletzt bearbeitet 06.04.2026 16:48:48
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4.