Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-49081

Опубликовано: 30 нояб. 2023
Источник: debian
EPSS Низкий

Описание

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-aiohttpfixed3.9.1-1package
python-aiohttppostponedbusterpackage

Примечания

  • https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2

  • https://github.com/aio-libs/aiohttp/pull/7835

  • https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b (master)

  • https://github.com/aio-libs/aiohttp/commit/53476dfd4ef4fb1bb74a267714bbc39eda71b403 (v3.9.0rc0)

EPSS

Процентиль: 47%
0.00242
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-49081

CVSS3: 7.2
ubuntu
больше 1 года назад

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

redhat логотип

CVE-2023-49081

CVSS3: 5.8
redhat
больше 1 года назад

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

nvd логотип

CVE-2023-49081

CVSS3: 7.2
nvd
больше 1 года назад

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

suse-cvrf логотип

SUSE-SU-2024:0034-1

suse-cvrf
больше 1 года назад

Security update for python-aiohttp

suse-cvrf логотип

SUSE-SU-2024:0033-1

suse-cvrf
больше 1 года назад

Security update for python-aiohttp

EPSS

Процентиль: 47%
0.00242
Низкий