Search CVE reports
31 – 40 of 38100 results
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, multiple Host headers were allowed in aiohttp. This issue has been patched in version 3.13.4.
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, when following redirects to a different origin, aiohttp drops the Authorization header, but retains the Cookie...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, for some multipart form fields, aiohttp read the entire field into memory before checking client_max_size. This issue has...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, a response with an excessive number of multipart headers may be allowed to use more memory than intended, potentially...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, on Windows the static resource handler may expose information about a NTLMv2 remote path. This issue has been patched in...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the content_type parameter in aiohttp could use this to inject extra headers or similar exploits....
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an unbounded DNS cache could result in excessive memory usage possibly resulting in a DoS situation. This issue has been...
1 affected package
python-aiohttp
| Package | 20.04 LTS |
|---|---|
| python-aiohttp | Needs evaluation |
(Rack is a modular Ruby web server interface. Prior to versions 2.2.23, ...)
1 affected package
ruby-rack
| Package | 20.04 LTS |
|---|---|
| ruby-rack | Needs evaluation |