CVSS3: 7.2 High
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
AI Score: 6.8 Medium (Confidence: High)
EPSS: 0.001 Low (Percentile: 19.8%)

aiohttp is an asynchronous HTTP client/server framework for asyncio and
Python. Improper validation made it possible for an attacker to modify the
HTTP request (e.g. to insert a new header) or create a new HTTP request if
the attacker controls the HTTP version. The vulnerability only occurs if
the attacker can control the HTTP version of the request. This issue has
been patched in version 3.9.0.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 20.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 22.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 23.10 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 24.04 | noarch | python-aiohttp | < any | UNKNOWN |
ubuntu | 16.04 | noarch | python-aiohttp | < any | UNKNOWN |
gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e
github.com/aio-libs/aiohttp/pull/7835
github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
launchpad.net/bugs/cve/CVE-2023-49081
nvd.nist.gov/vuln/detail/CVE-2023-49081
security-tracker.debian.org/tracker/CVE-2023-49081
www.cve.org/CVERecord?id=CVE-2023-49081