Описание
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Summary
llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).
Пакеты
Наименование
aiohttp
pip
Затронутые версииВерсия исправления
< 3.8.6
3.8.6
Дефекты
CWE-444
Дефекты
CWE-444