python3-aiohttp vulnerabilities

Known vulnerabilities in the python3-aiohttp package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Symlink Following	*
M Loop with Unreachable Exit Condition ('Infinite Loop')	*
M Cross-site Scripting (XSS)	*
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Reliance on Untrusted Inputs in a Security Decision	<0:3.6.2-4.el7ar
H Directory Traversal	<0:3.6.2-4.el7ar
H Incorrect Default Permissions	<0:3.6.2-4.el7ar
H Improper Validation of Certificate with Host Mismatch	<0:3.6.2-4.el7ar
H Improper Input Validation	<0:3.6.2-4.el7ar
H HTTP Request Smuggling	<0:3.6.2-4.el7ar
H Cross-site Scripting (XSS)	<0:3.6.2-4.el7ar
H Eval Injection	<0:3.6.2-4.el7ar
H HTTP Response Splitting	<0:3.6.2-4.el7ar
H Improper Authentication	<0:3.6.2-4.el7ar
H Insufficiently Protected Credentials	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Improper Input Validation	<0:3.6.2-4.el7ar
H Improperly Implemented Security Check for Standard	<0:3.6.2-4.el7ar
H Cross-site Scripting (XSS)	<0:3.6.2-4.el7ar
H CVE-2018-3258	<0:3.6.2-4.el7ar
H Missing Authorization	<0:3.6.2-4.el7ar
M HTTP Request Smuggling	*
M Directory Traversal	*
L Improper Input Validation	*
M Improper Input Validation	*
M HTTP Request Smuggling	*
M HTTP Request Smuggling	*
M Information Exposure	<0:3.6.2-4.el7ar
M Missing Authorization	<0:3.6.2-4.el7ar
M Information Exposure Through Log Files	<0:3.6.2-4.el7ar
H Improper Input Validation	<0:3.6.2-4.el7ar
H Cross-site Scripting (XSS)	<0:3.6.2-4.el7ar
M Information Exposure	<0:3.6.2-4.el7ar
H Improper Authorization	<0:3.6.2-4.el7ar
H Cleartext Transmission of Sensitive Information	<0:3.6.2-4.el7ar
H Improper Certificate Validation	<0:3.6.2-4.el7ar
H Insufficiently Protected Credentials	<0:3.6.2-4.el7ar
H Improper Authentication	<0:3.6.2-4.el7ar
M Information Exposure	<0:3.6.2-4.el7ar
H Information Exposure	<0:3.6.2-4.el7ar
M Information Exposure	<0:3.6.2-4.el7ar
H Incorrect Default Permissions	<0:3.6.2-4.el7ar
M SQL Injection	<0:3.6.2-4.el7ar
H Improperly Implemented Security Check for Standard	<0:3.6.2-4.el7ar
H Missing Authorization	<0:3.6.2-4.el7ar
H Improper Validation of Certificate with Host Mismatch	<0:3.6.2-4.el7ar
M Execution with Unnecessary Privileges	<0:3.6.2-4.el7ar
H HTTP Request Smuggling	<0:3.6.2-4.el7ar
M Out-of-Bounds	<0:3.6.2-4.el7ar
M Information Exposure	<0:3.6.2-4.el7ar
M Cross-site Request Forgery (CSRF)	<0:3.6.2-4.el7ar
H Cross-site Scripting (XSS)	<0:3.6.2-4.el7ar
M Cross-site Request Forgery (CSRF)	<0:3.6.2-4.el7ar
H Improper Input Validation	<0:3.6.2-4.el7ar
M Cross-site Scripting (XSS)	<0:3.6.2-4.el7ar
M Improper Input Validation	<0:3.6.2-4.el7ar
M Improper Input Validation	<0:3.6.2-4.el7ar
H Eval Injection	<0:3.6.2-4.el7ar
H Directory Traversal	<0:3.6.2-4.el7ar
H HTTP Response Splitting	<0:3.6.2-4.el7ar
H Reliance on Untrusted Inputs in a Security Decision	<0:3.6.2-4.el7ar
H CVE-2018-3258	<0:3.6.2-4.el7ar
M Covert Timing Channel	<0:3.6.2-4.el7ar
M Covert Timing Channel	<0:3.6.2-4.el7ar
H Covert Timing Channel	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
M Information Exposure	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar
M Use After Free	<0:3.6.2-4.el7ar
H Deserialization of Untrusted Data	<0:3.6.2-4.el7ar

Vulnerability

Vulnerable Version

Symlink Following