6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%
aiohttp is an asynchronous HTTP client/server framework for asyncio and
Python. Affected versions of aiohttp have a security vulnerability
regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is
a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE)
header values are present it can lead to incorrect interpretation of two
entities that parse the HTTP and we can poison other sockets with this
incorrect interpretation. A possible Proof-of-Concept (POC) would be a
configuration with a reverse proxy(frontend) that accepts both CL and TE
headers and aiohttp as backend. As aiohttp parses anything with chunked, we
can pass a chunked123 as TE, the frontend entity will ignore this header
and will parse Content-Length. The impact of this vulnerability is that it
is possible to bypass any proxy rule, poisoning sockets to other users like
passing Authentication Headers, also if it is present an Open Redirect an
attacker could combine it to redirect random users to another website and
log the request. This vulnerability has been addressed in release 3.8.0 of
aiohttp. Users are advised to upgrade. There are no known workarounds for
this vulnerability.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 16.04 | noarch | python-aiohttp | < any | UNKNOWN |
github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371 (v3.8.0b0)
github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
launchpad.net/bugs/cve/CVE-2023-47641
nvd.nist.gov/vuln/detail/CVE-2023-47641
security-tracker.debian.org/tracker/CVE-2023-47641
www.cve.org/CVERecord?id=CVE-2023-47641
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
6.7 Medium
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.0%