pkg:Debian/python-aiohttp

34 CVEs in total: CRITICAL 1, HIGH 10, MEDIUM 19, LOW 3

All known vulnerabilities

  • CRITICAL 9.1 CVE-2026-34520 AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass
    from 0
  • HIGH 7.5 CVE-2026-34516 AIOHTTP has a Multipart Header Size Bypass
    from 0
  • HIGH 7.5 CVE-2026-34513 AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector
    from 0
  • HIGH 7.5 CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads
    from 0
  • HIGH 7.5 CVE-2025-69227 AIOHTTP vulnerable to DoS when bypassing asserts
    from 0
  • HIGH 7.5 CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb
    from 0
  • HIGH 7.5 CVE-2025-53643 AIOHTTP is vulnerable to HTTP Request/Response Smuggling through incorrect parsing of chunked trailer sections
    from 0
  • HIGH 7.5 CVE-2024-52304 aiohttp allows request smuggling due to incorrect parsing of chunk extensions
    from 0, < 3.7.4-1+deb11u1
  • HIGH 7.5 CVE-2024-52303 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
    from 0, < 3.10.11-1
  • HIGH 7.5 CVE-2024-30251 aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
    from 0, < 3.7.4-1+deb11u1
  • HIGH 7.2 CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 6.5 CVE-2025-69224 AIOHTTP's unicode processing of header values could cause parsing discrepancies
    from 0
  • MEDIUM 6.5 CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 6.1 CVE-2024-27306 aiohttp Cross-site Scripting vulnerability on index pages for static file handling
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 5.9 CVE-2024-23334 aiohttp is vulnerable to directory traversal
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 5.3 CVE-2026-34525 AIOHTTP accepts duplicate Host headers
    from 0
  • MEDIUM 5.3 CVE-2026-34519 AIOHTTP has HTTP response splitting via \r in reason phrase
    from 0
  • MEDIUM 5.3 CVE-2026-34518 AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect
    from 0
  • MEDIUM 5.3 CVE-2026-34517 AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS
    from 0
  • MEDIUM 5.3 CVE-2026-34514 AIOHTTP has CRLF injection through multipart part content type header construction
    from 0
  • MEDIUM 5.3 CVE-2025-69230 AIOHTTP Vulnerable to Cookie Parser Warning Storm
    from 0, < 3.13.3-1
  • MEDIUM 5.3 CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages
    from 0
  • MEDIUM 5.3 CVE-2025-69226 AIOHTTP vulnerable to brute-force leak of internal static file path components
    from 0
  • MEDIUM 5.3 CVE-2025-69225 AIOHTTP has unicode match groups in regexes for ASCII protocol elements
    from 0
  • MEDIUM 5.3 CVE-2023-49082 aiohttp's ClientSession is vulnerable to CRLF injection via method
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 5.3 CVE-2023-47627 python-aiohttp - security update
    from 0, < 3.8.4-1+deb12u1
  • MEDIUM 5.3 CVE-2023-47627 python-aiohttp - security update
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 5.3 CVE-2023-47627 python-aiohttp - security update
    from 0, < 3.7.4-1+deb11u1
  • MEDIUM 5.3 CVE-2023-37276 aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser
    from 0
  • MEDIUM 4.8 CVE-2024-42367 In aiohttp, compressed files as symlinks are not protected from path traversal
    from 0
  • LOW 3.4 CVE-2023-47641 Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
    from 0, < 3.7.4-1+deb11u1
  • LOW 3.1 CVE-2021-21330 `aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
    from 0, < 3.7.4-1
  • LOW 3.1 CVE-2021-21330 `aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
    from 0, < 3.5.1-1+deb10u1
  • CVE-2026-22815 aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage
    from 0