CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score: 7.1 High
Confidence: High
EPSS: 0.001 Low
Percentile: 31.1%
aiohttp is vulnerable to HTTP Request Smuggling. The vulnerability exists due to various issues with header parsing in http_parser.py. This allows a remote attacker to smuggle an HTTP request by submitting a maliciously crafted header. This is impactful when AIOHTTP_NO_EXTENSIONS is enabled or when not using a prebuilt wheel.
github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
lists.fedoraproject.org/archives/list/[email protected]/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/
lists.fedoraproject.org/archives/list/[email protected]/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/
lists.fedoraproject.org/archives/list/[email protected]/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/