OESA-2023-1900

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1900
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2023-1900.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2023-1900
Upstream
Published
2023-12-08T11:06:26Z
Modified
2025-08-12T05:23:44.255213Z
Summary
python-aiohttp security update
Details

Async http client/server framework (asyncio).

Security Fix(es):

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0. (CVE-2023-49081)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / python-aiohttp

Package

Name
python-aiohttp
Purl
pkg:rpm/openEuler/python-aiohttp&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.4-3.oe1

Ecosystem specific

{
    "x86_64": [
        "python3-aiohttp-3.7.4-3.oe1.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-3.oe1.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-3.oe1.x86_64.rpm",
        "python-aiohttp-help-3.7.4-3.oe1.x86_64.rpm"
    ],
    "src": [
        "python-aiohttp-3.7.4-3.oe1.src.rpm"
    ],
    "aarch64": [
        "python-aiohttp-debuginfo-3.7.4-3.oe1.aarch64.rpm",
        "python-aiohttp-help-3.7.4-3.oe1.aarch64.rpm",
        "python3-aiohttp-3.7.4-3.oe1.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-3.oe1.aarch64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / python-aiohttp

Package

Name
python-aiohttp
Purl
pkg:rpm/openEuler/python-aiohttp&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.4-3.oe1

Ecosystem specific

{
    "x86_64": [
        "python-aiohttp-help-3.7.4-3.oe1.x86_64.rpm",
        "python3-aiohttp-3.7.4-3.oe1.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-3.oe1.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-3.oe1.x86_64.rpm"
    ],
    "src": [
        "python-aiohttp-3.7.4-3.oe1.src.rpm"
    ],
    "aarch64": [
        "python-aiohttp-help-3.7.4-3.oe1.aarch64.rpm",
        "python3-aiohttp-3.7.4-3.oe1.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-3.oe1.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-3.oe1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS / python-aiohttp

Package

Name
python-aiohttp
Purl
pkg:rpm/openEuler/python-aiohttp&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.4-4.oe2203sp2

Ecosystem specific

{
    "x86_64": [
        "python-aiohttp-help-3.7.4-4.oe2203.x86_64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203.x86_64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp2.x86_64.rpm"
    ],
    "src": [
        "python-aiohttp-3.7.4-4.oe2203.src.rpm",
        "python-aiohttp-3.7.4-4.oe2203sp1.src.rpm",
        "python-aiohttp-3.7.4-4.oe2203sp2.src.rpm"
    ],
    "aarch64": [
        "python-aiohttp-help-3.7.4-4.oe2203.aarch64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203.aarch64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp2.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP1 / python-aiohttp

Package

Name
python-aiohttp
Purl
pkg:rpm/openEuler/python-aiohttp&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.4-4.oe2203sp1

Ecosystem specific

{
    "x86_64": [
        "python3-aiohttp-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp1.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp1.x86_64.rpm"
    ],
    "src": [
        "python-aiohttp-3.7.4-4.oe2203sp1.src.rpm"
    ],
    "aarch64": [
        "python3-aiohttp-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp1.aarch64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp1.aarch64.rpm"
    ]
}

openEuler:22.03-LTS-SP2 / python-aiohttp

Package

Name
python-aiohttp
Purl
pkg:rpm/openEuler/python-aiohttp&distro=openEuler-22.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.7.4-4.oe2203sp2

Ecosystem specific

{
    "x86_64": [
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp2.x86_64.rpm",
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp2.x86_64.rpm"
    ],
    "src": [
        "python-aiohttp-3.7.4-4.oe2203sp2.src.rpm"
    ],
    "aarch64": [
        "python-aiohttp-debugsource-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python3-aiohttp-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python-aiohttp-help-3.7.4-4.oe2203sp2.aarch64.rpm",
        "python-aiohttp-debuginfo-3.7.4-4.oe2203sp2.aarch64.rpm"
    ]
}