aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-30T06:56:26.348Z

Updated: 2024-08-02T21:46:28.933Z

Reserved: 2023-11-21T18:57:30.428Z

Link: CVE-2023-49081

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-30T07:15:08.723

Modified: 2024-11-21T08:32:46.897

Link: CVE-2023-49081

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-30T00:00:00Z

Links: CVE-2023-49081 - Bugzilla