exploitDog

CVE-2023-47627

Published: 14 Nov 2023
Source: ubuntu
Priority: medium
EPSS: Low
CVSS3: 5.3

Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit d5c12ba89 which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | not-affected | 3.9.1-1build1 |
| esm-apps/bionic | ignored | changes too intrusive |
| esm-apps/focal | released | 3.6.2-1ubuntu1+esm4 |
| esm-apps/jammy | released | 3.8.1-4ubuntu0.2+esm1 |
| esm-apps/noble | not-affected | 3.9.1-1ubuntu0.1 |
| esm-apps/xenial | not-affected | code not present |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needed | |
| lunar | ignored | end of life, was needs-triage |

EPSS: 0.00163 (Low), percentile: 38%

CVSS3: 5.3 Medium

Related vulnerabilities

CVSS3: 7.5
redhat
almost 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

CVSS3: 5.3
nvd
almost 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

CVSS3: 5.3
debian
almost 2 years ago

aiohttp is an asynchronous HTTP client/server framework for asyncio an ...

CVSS3: 5.3
github
almost 2 years ago

AIOHTTP has problems in HTTP parser (the python one, not llhttp)

CVSS3: 7.5
fstec
almost 2 years ago

Vulnerability in the aiohttp HTTP client related to flaws in the handling of HTTP request headers, allowing an attacker to send a hidden HTTP request (HTTP Request Smuggling attack)
