OESA-2023-1900 python-aiohttp security update

🗓️ 08 Dec 2023 11:06:26Reported by GoogleType

osv🔗 osv.dev👁 1 Views

Aiohttp security update fixes a flaw allowing request modification via controlling the HTTP version; patched in 3.9.0.

Reporter	Title	Published	Views	Family All 101
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps	16 Oct 202422:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.	11 May 202416:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Maximo Application Suite - IoT Component uses aiohttp-3.8.6-cp37-cp37m-manylinux_2_17_x86_64.manylinux2014_x86_64.whl which is vulnerable to CVE-2024-23829, CVE-2023-49082, CVE-2024-23334 and CVE-2023-49081	15 Apr 202502:22	–	ibm
Chainguard	CVE-2023-49081 vulnerabilities	30 Nov 202307:15	–	cgr
Circl	CVE-2023-49081	26 Nov 202317:33	–	circl
CNNVD	aiohttp Security Vulnerabilities	30 Nov 202300:00	–	cnnvd
CVE	CVE-2023-49081	30 Nov 202306:56	–	cve
Cvelist	CVE-2023-49081 aiohttp's ClientSession is vulnerable to CRLF injection via version	30 Nov 202306:56	–	cvelist
Debian	[SECURITY] [DLA 4041-1] python-aiohttp security update	3 Feb 202514:01	–	debian
Debian	[SECURITY] [DSA 5828-1] python-aiohttp security update	11 Dec 202419:24	–	debian