cpe:2.3:a:aio-libs_project:aiohttp:-:*:*:*:*:*:*:*
part: a version: - update: *
| Vendor | Aio Libs Project (6df05957-d311-5ea9-afeb-a919a5b5cef7) |
|---|---|
| Product | Aiohttp (f337c783-9580-5874-ab74-5281a872c105) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/aio-libs/aiohttp | purl2cpe | 2026-06-01 10:13:20.356962 |
| pkg:pypi/aiohttp | purl2cpe | 2026-06-01 10:13:20.356965 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-30251 | vulnerable | 2026-06-08 06:35:29.331132 | Denial of service when trying to parse malformed POST requests in aiohttp. HIGH (7.5). aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions. Published: 2024-05-02T13:55:06.135Z. Updated: 2025-11-03T20:37:11.081Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-1000519 | vulnerable | 2026-06-08 05:10:25.734693 | Details available. aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appears to be exploitable via any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie). Published: 2018-06-26T16:00:00.000Z. Updated: 2024-08-05T12:40:47.085Z | Imported from gcve-enriched-dumps CVE data |