Описание
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 1.2 | aiohttp | Will not fix | ||
| Red Hat Satellite 6 | tfm-pulpcore-python-aiohttp | Out of support scope | ||
| Red Hat Ansible Automation Platform 2.4 for RHEL 8 | python3x-aiohttp | Fixed | RHSA-2024:1057 | 29.02.2024 |
| Red Hat Ansible Automation Platform 2.4 for RHEL 9 | python-aiohttp | Fixed | RHSA-2024:1057 | 29.02.2024 |
| Red Hat Satellite 6.14 for RHEL 8 | python-aiohttp | Fixed | RHSA-2024:1536 | 27.03.2024 |
| Red Hat Satellite 6.14 for RHEL 8 | python-aiohttp | Fixed | RHSA-2024:1536 | 27.03.2024 |
| Red Hat Satellite 6.15 for RHEL 8 | python-aiohttp | Fixed | RHSA-2024:2010 | 23.04.2024 |
| Red Hat Satellite 6.15 for RHEL 8 | python-aiohttp | Fixed | RHSA-2024:2010 | 23.04.2024 |
| RHUI 4 for RHEL 8 | python-aiohttp | Fixed | RHSA-2024:1878 | 18.04.2024 |
Показывать по
Дополнительная информация
Статус:
5.8 Medium
CVSS3
Связанные уязвимости
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
5.8 Medium
CVSS3