PYSEC-2023-246

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/aiohttp/PYSEC-2023-246.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2023-246
Aliases
Published
2023-11-14T21:15:00Z
Modified
2024-09-11T06:12:36.090141Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTPNOEXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit d5c12ba89 which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

References

Affected packages

PyPI / aiohttp

Package

Affected ranges

Type
GIT
Repo
https://github.com/aio-libs/aiohttp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.8.6

Affected versions

0.*

0.1
0.2
0.3
0.4
0.4.1
0.4.2
0.4.3
0.4.4
0.5.0
0.6.0
0.6.1
0.6.2
0.6.3
0.6.4
0.6.5
0.7.0
0.7.1
0.7.2
0.7.3
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.9.0
0.9.1
0.9.2
0.9.3
0.10.0
0.10.1
0.10.2
0.11.0
0.12.0
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.15.3
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.16.6
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.19.0
0.20.0
0.20.1
0.20.2
0.21.0
0.21.1
0.21.2
0.21.4
0.21.5
0.21.6
0.22.0a0
0.22.0b0
0.22.0b1
0.22.0b2
0.22.0b3
0.22.0b4
0.22.0b5
0.22.0b6
0.22.0
0.22.1
0.22.2
0.22.3
0.22.4
0.22.5

1.*

1.0.0
1.0.1
1.0.2
1.0.3
1.0.5
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.2.0
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5

2.*

2.0.0rc1
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.1.0
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.3.0a1
2.3.0a2
2.3.0a3
2.3.0a4
2.3.0
2.3.1a1
2.3.1
2.3.2b2
2.3.2b3
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.3.10

3.*

3.0.0b0
3.0.0b1
3.0.0b2
3.0.0b3
3.0.0b4
3.0.0
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.0.6
3.0.7
3.0.8
3.0.9
3.1.0
3.1.1
3.1.2
3.1.3
3.2.0
3.2.1
3.3.0a0
3.3.0
3.3.1
3.3.2a0
3.3.2
3.4.0a0
3.4.0a3
3.4.0b1
3.4.0b2
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.5.0a1
3.5.0b1
3.5.0b2
3.5.0b3
3.5.0
3.5.1
3.5.2
3.5.3
3.5.4
3.6.0a0
3.6.0a1
3.6.0a2
3.6.0a3
3.6.0a4
3.6.0a5
3.6.0a6
3.6.0a7
3.6.0a8
3.6.0a9
3.6.0a11
3.6.0a12
3.6.0b0
3.6.0
3.6.1b3
3.6.1b4
3.6.1
3.6.2a0
3.6.2a1
3.6.2a2
3.6.2
3.6.3
3.7.0b0
3.7.0b1
3.7.0
3.7.1
3.7.2
3.7.3
3.7.4
3.7.4.post0
3.8.0a7
3.8.0b0
3.8.0
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5