CVE-2024-52303
- EPSS 0.4%
- Published 18.11.2024 20:15:06
- Last modified 15.08.2025 13:39:10
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on ...
CVE-2024-42367
- EPSS 0.35%
- Published 12.08.2024 13:38:34
- Last modified 19.08.2025 15:12:45
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on the 3.10 branch prior to version 3.10.2, static routes which contain files with compressed variants (`.gz` or `.br` extension) are vulnerable to path trave...
CVE-2024-30251
- EPSS 0.36%
- Published 02.05.2024 14:15:09
- Last modified 03.11.2025 21:16:09
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite ...
CVE-2024-27306
- EPSS 0.75%
- Published 18.04.2024 15:15:29
- Last modified 03.11.2025 21:16:08
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. An XSS vulnerability exists on index pages for static file handling. This vulnerability is fixed in 3.9.4. We have always recommended using a reverse proxy server (e.g. ng...
CVE-2024-23829
- EPSS 0.38%
- Published 29.01.2024 23:15:08
- Last modified 03.11.2025 21:16:06
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame bounda...
CVE-2024-23334
- EPSS 93.48%
- Published 29.01.2024 23:15:08
- Last modified 04.02.2026 20:16:01
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' ca...
CVE-2023-49081
- EPSS 0.5%
- Published 30.11.2023 07:15:08
- Last modified 04.11.2025 19:16:08
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HT...
CVE-2023-49082
- EPSS 0.24%
- Published 29.11.2023 20:15:08
- Last modified 04.11.2025 19:16:08
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the...
CVE-2023-47641
- EPSS 0.22%
- Published 14.11.2023 21:15:13
- Last modified 03.11.2025 21:16:02
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol, if both Cont...
CVE-2023-47627
- EPSS 0.26%
- Published 14.11.2023 21:15:12
- Last modified 03.11.2025 21:16:01
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enable...