7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.3%
Aiohttp HTTP client vulnerability exists due to insufficient input validation. Exploitation
vulnerability could allow an attacker acting remotely to modify an HTTP request or create a new
HTTP request
The aiohttp HTTP client vulnerability is related to code analyzer errors when the header is enabled
AIOHTTP_NO_EXTENSIONS. Exploitation of the vulnerability could allow an attacker acting remotely,
perform an HTTP request smuggling attack
Vulnerability in aiohttp HTTP client is related to failure to take measures to neutralize CRLF sequences.
Exploitation of the vulnerability could allow an attacker acting remotely to send a covert HTTP request
(HTTP Request Smuggling attack)
The aiohttp HTTP client vulnerability is related to misinterpretation of objects that analyze HTTP.
Exploitation of the vulnerability could allow an attacker acting remotely to perform an “HTTP Request Smuggling” attack.
HTTP requests" attack
The aiohttp HTTP client vulnerability is related to flaws in the processing of HTTP requests. Exploitation of the vulnerability
could allow an attacker acting remotely to perform an HTTP request smuggling attack
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-aiohttp | <= 3.8.1-2 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
49.3%