CVE-2025-69224

Опубликовано: 05 янв. 2026

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 6.5

Описание

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. This issue is fixed in version 3.13.3.

Релиз	Статус	Примечание
devel	not-affected	3.13.3-3
esm-apps/bionic	ignored	backporting risks regression
esm-apps/focal	ignored	backporting risks regression
esm-apps/jammy	released	3.8.1-4ubuntu0.2+esm2
esm-apps/noble	released	3.9.1-1ubuntu0.1+esm2
esm-apps/xenial	ignored	backporting risks regression
jammy	needed
noble	needed
plucky	ignored	end of life, was needs-triage
questing	released	3.11.16-1ubuntu0.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2025-69224

CVSS3: 5.4

redhat

3 месяца назад

CVE-2025-69224

CVSS3: 6.5

nvd

3 месяца назад

CVE-2025-69224

CVSS3: 6.5

debian

3 месяца назад

AIOHTTP is an asynchronous HTTP client/server framework for asyncio an ...

GHSA-69f9-5gxw-wvc2

github

3 месяца назад

AIOHTTP's unicode processing of header values could cause parsing discrepancies

SUSE-SU-2026:0859-1

suse-cvrf

24 дня назад

Security update for python-aiohttp

EPSS

Процентиль: 13%

0.00043

Низкий

6.5 Medium

CVSS3

CVE-2025-69224

Описание

Пакет python-aiohttp

Ссылки на источники

Связанные уязвимости