Veracode Vulnerability DatabaseVERACODE:45204Request Smuggling
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.7 Medium
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
30.9%
aiohttp is vulnerable to Request Smuggling.The vulnerability is caused due to improper parsing of HTTP requests within http_parser.py. This flaw results in excessive resource consumption on the application server, resulting in Denial of Service (DoS) and/or Request Smuggling.
References
github.com/advisories/GHSA-8qpw-xqxj-h4r2
github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
github.com/aio-libs/aiohttp/commit/d33bc21414e283c9e6fe7f6caf69e2ed60d66c82
github.com/aio-libs/aiohttp/pull/8074
github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
lists.fedoraproject.org/archives/list/[email protected]/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
lists.fedoraproject.org/archives/list/[email protected]/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
6.7 Medium
AI Score
Confidence
High
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
30.9%