CVE-2023-49081

Published: 30 Nov 2023
Source: debian

Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| python-aiohttp | fixed | 3.9.1-1 | | package |
| python-aiohttp | postponed | | buster | package |

Notes

  • https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2

  • https://github.com/aio-libs/aiohttp/pull/7835

  • https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b (master)

  • https://github.com/aio-libs/aiohttp/commit/53476dfd4ef4fb1bb74a267714bbc39eda71b403 (v3.9.0rc0)

Related vulnerabilities

CVSS3: 7.2
ubuntu
about 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

CVSS3: 5.8
redhat
about 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

CVSS3: 7.2
nvd
about 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

suse-cvrf
almost 2 years ago

Security update for python-aiohttp

suse-cvrf
almost 2 years ago

Security update for python-aiohttp