Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

spack

py-aiohttp

spack

Supports both client and server side of HTTP protocol. Supports both client and server Web-Sockets out-of-the-box and avoids Callbacks. Provides Web-server with middlewares and plugable routing.

View on github.com · View on spack.io

Security Advisories for py-aiohttp in spack

Repackage
Low
11 months ago

AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections GSA_kwCzR0hTQS05NTQ4LXFycmoteDVwas4ABKHl

pypi aiohttp
Repackage
Moderate
over 1 year ago

aiohttp allows request smuggling due to incorrect parsing of chunk extensions GSA_kwCzR0hTQS04NDk1LTRnM2cteDdwcs4ABBeU

pypi aiohttp
Repackage
Moderate
over 1 year ago

aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method GSA_kwCzR0hTQS0yN21mLWdocW0tajNqOM4ABBeT

pypi aiohttp
Repackage
Moderate
almost 2 years ago

In aiohttp, compressed files as symlinks are not protected from path traversal GSA_kwCzR0hTQS1qd2h4LXhjZzYtOHhoas4AA-ge

pypi aiohttp
Repackage
High
about 2 years ago

aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests GSA_kwCzR0hTQS01bTk4LXFnZzktd2g4NM4AA7vP

pypi aiohttp
Repackage
Moderate
about 2 years ago

aiohttp Cross-site Scripting vulnerability on index pages for static file handling GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls

pypi aiohttp
Repackage
High
over 2 years ago

aiohttp is vulnerable to directory traversal GSA_kwCzR0hTQS01aDg2LThtdjItanE5Zs4AA47u

pypi aiohttp
Repackage
Moderate
over 2 years ago

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators GSA_kwCzR0hTQS04cXB3LXhxeGotaDRyMs4AA47q

pypi aiohttp
Repackage
Moderate
over 2 years ago

aiohttp's ClientSession is vulnerable to CRLF injection via version GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd

pypi aiohttp
Repackage
Moderate
over 2 years ago

aiohttp's ClientSession is vulnerable to CRLF injection via method GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc

pypi aiohttp
Repackage
Moderate
over 2 years ago

aiohttp has vulnerable dependency that is vulnerable to request smuggling GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb

pypi aiohttp
Repackage
Moderate
over 2 years ago

AIOHTTP has problems in HTTP parser (the python one, not llhttp) GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1

pypi aiohttp
Repackage
Low
over 2 years ago

Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw

pypi aiohttp
Repackage
Moderate
almost 3 years ago

aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser GSA_kwCzR0hTQS00NWM0LTh3eDUtcXc2d84AA00K

pypi aiohttp
Repackage
Low
over 5 years ago

`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware) MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3AtNG02Zi1nY2pn

pypi aiohttp

Filter by Severity

Moderate 10 Low 3 High 2