CVE-2023-49082

Опубликовано: 29 нояб. 2023

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 5.3

Описание

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	not-affected	3.9.1-1build1
esm-apps/bionic	released	3.0.1-1ubuntu0.1~esm5
esm-apps/focal	released	3.6.2-1ubuntu1+esm4
esm-apps/jammy	released	3.8.1-4ubuntu0.2+esm1
esm-apps/noble	not-affected	3.9.1-1ubuntu0.1
esm-apps/xenial	not-affected	code not present
focal	ignored	end of standard support, was needs-triage
jammy	needed
lunar	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 47%

0.00241

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2023-49082

CVSS3: 5.3

redhat

около 2 лет назад

CVE-2023-49082

CVSS3: 5.3

nvd

около 2 лет назад

CVE-2023-49082

CVSS3: 5.3

debian

около 2 лет назад

aiohttp is an asynchronous HTTP client/server framework for asyncio an ...

SUSE-SU-2024:0168-1

suse-cvrf

почти 2 года назад

Security update for python-aiohttp

GHSA-qvrw-v9rv-5rjx

CVSS3: 5.3

github

около 2 лет назад

aiohttp's ClientSession is vulnerable to CRLF injection via method

EPSS

Процентиль: 47%

0.00241

Низкий

5.3 Medium

CVSS3

CVE-2023-49082

Описание

Пакет python-aiohttp

Ссылки на источники

Связанные уязвимости