
cpe:2.3:a:aio-libs_project:aiohttp:-:*:*:*:*:*:*:*

part: a version: - update: *

Vendor: Aio Libs Project (6df05957-d311-5ea9-afeb-a919a5b5cef7)
Product: Aiohttp (f337c783-9580-5874-ab74-5281a872c105)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:github/aio-libs/aiohttp | purl2cpe | 2026-06-01 10:13:20.356962
pkg:pypi/aiohttp | purl2cpe | 2026-06-01 10:13:20.356965

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-30251 | vulnerable | 2026-06-08 06:35:29.331132 | Denial of service when trying to parse malformed POST requests in aiohttp
HIGH (7.5)
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.
Published: 2024-05-02T13:55:06.135Z
Updated: 2025-11-03T20:37:11.081Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-1000519 | vulnerable | 2026-06-08 05:10:25.734693 | Details available
aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).
Published: 2018-06-26T16:00:00.000Z
Updated: 2024-08-05T12:40:47.085Z
Imported from gcve-enriched-dumps CVE data
