Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
Typedeb
Namespacedebian
Namepython-aiohttp
Version3.7.4-1+deb11u1
Qualifiers
distro trixie
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.8.1-1
Latest_non_vulnerable_version3.13.3-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-bcuu-jvzt-6fhn
vulnerability_id VCID-bcuu-jvzt-6fhn
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49081
reference_id
reference_type
scores
0
value 0.00457
scoring_system epss
scoring_elements 0.63965
published_at 2026-04-18T12:55:00Z
1
value 0.00457
scoring_system epss
scoring_elements 0.63928
published_at 2026-04-04T12:55:00Z
2
value 0.00457
scoring_system epss
scoring_elements 0.63886
published_at 2026-04-07T12:55:00Z
3
value 0.00457
scoring_system epss
scoring_elements 0.63902
published_at 2026-04-02T12:55:00Z
4
value 0.00457
scoring_system epss
scoring_elements 0.6392
published_at 2026-04-13T12:55:00Z
5
value 0.00457
scoring_system epss
scoring_elements 0.63953
published_at 2026-04-12T12:55:00Z
6
value 0.00457
scoring_system epss
scoring_elements 0.63967
published_at 2026-04-11T12:55:00Z
7
value 0.00457
scoring_system epss
scoring_elements 0.63955
published_at 2026-04-16T12:55:00Z
8
value 0.00457
scoring_system epss
scoring_elements 0.63937
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49081
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/jnovikov/184afb593d9c2114d77f508e0ccd508e
5
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
6
reference_url https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/1e86b777e61cf4eefc7d92fa57fa19dcc676013b
7
reference_url https://github.com/aio-libs/aiohttp/pull/7835/files
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/7835/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-q3qx-c6g2-7pw2
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-250.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163
reference_id 1057163
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057163
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252235
reference_id 2252235
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252235
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49081
reference_id CVE-2023-49081
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49081
16
reference_url https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
reference_id GHSA-q3qx-c6g2-7pw2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q3qx-c6g2-7pw2
17
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
18
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.9.1-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.1-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2023-49081, GHSA-q3qx-c6g2-7pw2, PYSEC-2023-250
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuu-jvzt-6fhn
1
url VCID-bhkk-2b7c-wfgr
vulnerability_id VCID-bhkk-2b7c-wfgr
summary 
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
### Summary
An attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests.

### Impact
An attacker can stop the application from serving requests after sending a single request.

-------

For anyone needing to patch older versions of aiohttp, the minimum diff needed to resolve the issue is (located in `_read_chunk_from_length()`):

```diff
diff --git a/aiohttp/multipart.py b/aiohttp/multipart.py
index 227be605c..71fc2654a 100644
--- a/aiohttp/multipart.py
+++ b/aiohttp/multipart.py
@@ -338,6 +338,8 @@ class BodyPartReader:
         assert self._length is not None, "Content-Length required for chunked read"
         chunk_size = min(size, self._length - self._read_bytes)
         chunk = await self._content.read(chunk_size)
+        if self._content.at_eof():
+            self._at_eof = True
         return chunk
 
     async def _read_chunk_from_stream(self, size: int) -> bytes:
```

This does however introduce some very minor issues with handling form data. So, if possible, it would be recommended to also backport the changes in:
https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-30251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-30251
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.58159
published_at 2026-04-18T12:55:00Z
1
value 0.00359
scoring_system epss
scoring_elements 0.58128
published_at 2026-04-13T12:55:00Z
2
value 0.00359
scoring_system epss
scoring_elements 0.58147
published_at 2026-04-12T12:55:00Z
3
value 0.00359
scoring_system epss
scoring_elements 0.58171
published_at 2026-04-11T12:55:00Z
4
value 0.00359
scoring_system epss
scoring_elements 0.58155
published_at 2026-04-09T12:55:00Z
5
value 0.00359
scoring_system epss
scoring_elements 0.58097
published_at 2026-04-07T12:55:00Z
6
value 0.00359
scoring_system epss
scoring_elements 0.58123
published_at 2026-04-04T12:55:00Z
7
value 0.00359
scoring_system epss
scoring_elements 0.58101
published_at 2026-04-02T12:55:00Z
8
value 0.00359
scoring_system epss
scoring_elements 0.58151
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-30251
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30251
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/7eecdff163ccf029fbb1ddc9de4169d4aaeb6597
6
reference_url https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/cebe526b9c34dc3a3da9140409db63014bc4cf19
7
reference_url https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/commit/f21c6f2ca512a026ce7f0f6c6311f62d6a638866
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5m98-qgg9-wh84
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-30251
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-30251
11
reference_url http://www.openwall.com/lists/oss-security/2024/05/02/4
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-02T15:13:44Z/
url http://www.openwall.com/lists/oss-security/2024/05/02/4
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364
reference_id 1070364
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070364
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278710
reference_id 2278710
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278710
14
reference_url https://github.com/advisories/GHSA-5m98-qgg9-wh84
reference_id GHSA-5m98-qgg9-wh84
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5m98-qgg9-wh84
15
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
16
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
17
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
18
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2024-30251, GHSA-5m98-qgg9-wh84
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhkk-2b7c-wfgr
2
url VCID-jxqg-x9dh-z3hb
vulnerability_id VCID-jxqg-x9dh-z3hb
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23829.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
reference_id
reference_type
scores
0
value 0.00515
scoring_system epss
scoring_elements 0.66588
published_at 2026-04-07T12:55:00Z
1
value 0.00515
scoring_system epss
scoring_elements 0.66617
published_at 2026-04-04T12:55:00Z
2
value 0.00515
scoring_system epss
scoring_elements 0.66674
published_at 2026-04-18T12:55:00Z
3
value 0.00515
scoring_system epss
scoring_elements 0.6659
published_at 2026-04-02T12:55:00Z
4
value 0.00515
scoring_system epss
scoring_elements 0.6666
published_at 2026-04-16T12:55:00Z
5
value 0.00515
scoring_system epss
scoring_elements 0.66624
published_at 2026-04-13T12:55:00Z
6
value 0.00515
scoring_system epss
scoring_elements 0.66657
published_at 2026-04-12T12:55:00Z
7
value 0.00515
scoring_system epss
scoring_elements 0.66669
published_at 2026-04-11T12:55:00Z
8
value 0.00515
scoring_system epss
scoring_elements 0.6665
published_at 2026-04-09T12:55:00Z
9
value 0.00515
scoring_system epss
scoring_elements 0.66636
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23829
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827
6
reference_url https://github.com/aio-libs/aiohttp/pull/3235
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/3235
7
reference_url https://github.com/aio-libs/aiohttp/pull/8074
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/pull/8074
8
reference_url https://github.com/aio-libs/aiohttp/pull/8074/files
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8074/files
9
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2
10
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
11
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml
12
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23829
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
reference_id 1062708
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062708
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
reference_id 2261909
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261909
19
reference_url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
reference_id GHSA-8qpw-xqxj-h4r2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8qpw-xqxj-h4r2
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-01T16:40:08Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2024-23829, GHSA-8qpw-xqxj-h4r2, PYSEC-2024-26
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jxqg-x9dh-z3hb
3
url VCID-pmr9-w1fc-93cm
vulnerability_id VCID-pmr9-w1fc-93cm
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47627
reference_id
reference_type
scores
0
value 0.0026
scoring_system epss
scoring_elements 0.49271
published_at 2026-04-02T12:55:00Z
1
value 0.0026
scoring_system epss
scoring_elements 0.49342
published_at 2026-04-18T12:55:00Z
2
value 0.0026
scoring_system epss
scoring_elements 0.49346
published_at 2026-04-16T12:55:00Z
3
value 0.0026
scoring_system epss
scoring_elements 0.49298
published_at 2026-04-13T12:55:00Z
4
value 0.0026
scoring_system epss
scoring_elements 0.49295
published_at 2026-04-12T12:55:00Z
5
value 0.0026
scoring_system epss
scoring_elements 0.49321
published_at 2026-04-11T12:55:00Z
6
value 0.0026
scoring_system epss
scoring_elements 0.49303
published_at 2026-04-09T12:55:00Z
7
value 0.0026
scoring_system epss
scoring_elements 0.49252
published_at 2026-04-07T12:55:00Z
8
value 0.0026
scoring_system epss
scoring_elements 0.49307
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47627
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.6
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-246.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2249825
reference_id 2249825
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2249825
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47627
reference_id CVE-2023-47627
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47627
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/
reference_id FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/
16
reference_url https://github.com/advisories/GHSA-gfw2-4jvh-wgfg
reference_id GHSA-gfw2-4jvh-wgfg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gfw2-4jvh-wgfg
17
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
18
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/
reference_id VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/
reference_id WQYQL6WV535EEKSNH7KRARLLMOW5WXDM
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-10T19:22:18Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQYQL6WV535EEKSNH7KRARLLMOW5WXDM/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.8.6-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.6-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.6-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2023-47627, GHSA-gfw2-4jvh-wgfg, PYSEC-2023-246
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmr9-w1fc-93cm
4
url VCID-pqus-ew4j-k7da
vulnerability_id VCID-pqus-ew4j-k7da
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23334.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23334
reference_id
reference_type
scores
0
value 0.93482
scoring_system epss
scoring_elements 0.99822
published_at 2026-04-11T12:55:00Z
1
value 0.93482
scoring_system epss
scoring_elements 0.99824
published_at 2026-04-18T12:55:00Z
2
value 0.93482
scoring_system epss
scoring_elements 0.99821
published_at 2026-04-07T12:55:00Z
3
value 0.93482
scoring_system epss
scoring_elements 0.99823
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23334
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b
6
reference_url https://github.com/aio-libs/aiohttp/pull/8079
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/pull/8079
7
reference_url https://github.com/aio-libs/aiohttp/pull/8079/files
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8079/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
3
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-24.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23334
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23334
15
reference_url https://www.exploit-db.com/exploits/52474
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/52474
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709
reference_id 1062709
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062709
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2261887
reference_id 2261887
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2261887
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt
reference_id CVE-2024-23334
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/python/webapps/52474.txt
19
reference_url https://github.com/advisories/GHSA-5h86-8mv2-jq9f
reference_id GHSA-5h86-8mv2-jq9f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5h86-8mv2-jq9f
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
reference_id ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T19:29:24Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/
21
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
22
reference_url https://usn.ubuntu.com/6991-1/
reference_id USN-6991-1
reference_type
scores
url https://usn.ubuntu.com/6991-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2024-23334, GHSA-5h86-8mv2-jq9f, PYSEC-2024-24
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pqus-ew4j-k7da
5
url VCID-t2aj-cszz-tyd7
vulnerability_id VCID-t2aj-cszz-tyd7
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the http protocol. HTTP/1.1 is a persistent protocol, if both Content-Length(CL) and Transfer-Encoding(TE) header values are present it can lead to incorrect interpretation of two entities that parse the HTTP and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy(frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass a chunked123 as TE, the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users like passing Authentication Headers, also if it is present an Open Redirect an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54908
published_at 2026-04-02T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54934
published_at 2026-04-04T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.54961
published_at 2026-04-16T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54924
published_at 2026-04-13T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.54947
published_at 2026-04-12T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.54965
published_at 2026-04-18T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.54953
published_at 2026-04-09T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54954
published_at 2026-04-08T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54904
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
reference_id 2250179
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
reference_id CVE-2023-47641
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
12
reference_url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
reference_id GHSA-xx9p-xxvh-7g8j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
13
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.1-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.1-1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2023-47641, GHSA-xx9p-xxvh-7g8j, PYSEC-2023-247
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2aj-cszz-tyd7
6
url VCID-tn28-662n-vug8
vulnerability_id VCID-tn28-662n-vug8
summary 
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
### Summary

A XSS vulnerability exists on index pages for static file handling.

### Details

When using `web.static(..., show_index=True)`, the resulting index pages do not escape file names.

If users can upload files with arbitrary filenames to the static directory, the server is vulnerable to XSS attacks.

### Workaround

We have always recommended using a reverse proxy server (e.g. nginx) for serving static files. Users following the recommendation are unaffected.

Other users can disable `show_index` if unable to upgrade.

-----

Patch: https://github.com/aio-libs/aiohttp/pull/8319/files
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-27306.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
reference_id
reference_type
scores
0
value 0.00749
scoring_system epss
scoring_elements 0.73167
published_at 2026-04-18T12:55:00Z
1
value 0.00749
scoring_system epss
scoring_elements 0.73158
published_at 2026-04-16T12:55:00Z
2
value 0.00749
scoring_system epss
scoring_elements 0.73115
published_at 2026-04-13T12:55:00Z
3
value 0.00749
scoring_system epss
scoring_elements 0.73121
published_at 2026-04-12T12:55:00Z
4
value 0.00749
scoring_system epss
scoring_elements 0.73141
published_at 2026-04-11T12:55:00Z
5
value 0.00749
scoring_system epss
scoring_elements 0.73117
published_at 2026-04-09T12:55:00Z
6
value 0.00749
scoring_system epss
scoring_elements 0.73066
published_at 2026-04-07T12:55:00Z
7
value 0.00749
scoring_system epss
scoring_elements 0.73103
published_at 2026-04-08T12:55:00Z
8
value 0.00749
scoring_system epss
scoring_elements 0.73072
published_at 2026-04-02T12:55:00Z
9
value 0.00749
scoring_system epss
scoring_elements 0.73092
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27306
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27306
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/commit/28335525d1eac015a7e7584137678cbb6ff19397
6
reference_url https://github.com/aio-libs/aiohttp/pull/8319
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/pull/8319
7
reference_url https://github.com/aio-libs/aiohttp/pull/8319/files
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/8319/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-7gpw-8wmc-pm8g
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27306
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
reference_id 1070665
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070665
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
reference_id 2275989
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2275989
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
reference_id 2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2EXRGTN2WG7VZLUZ7WOXU5GQJKCPPHKP/
17
reference_url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
reference_id GHSA-7gpw-8wmc-pm8g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gpw-8wmc-pm8g
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
reference_id NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NWEI6NIHZ3G7DURDZVMRK7ZEFC2BTD3U/
19
reference_url https://access.redhat.com/errata/RHSA-2024:3781
reference_id RHSA-2024:3781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3781
20
reference_url https://access.redhat.com/errata/RHSA-2024:5662
reference_id RHSA-2024:5662
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5662
21
reference_url https://access.redhat.com/errata/RHSA-2025:1335
reference_id RHSA-2025:1335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1335
22
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
reference_id ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T19:36:48Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZIVBMPEY7WWOFMC3CWXFBRQPFECV4SW3/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.5-1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2024-27306, GHSA-7gpw-8wmc-pm8g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tn28-662n-vug8
7
url VCID-ue33-na1g-rqa7
vulnerability_id VCID-ue33-na1g-rqa7
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49082
reference_id
reference_type
scores
0
value 0.00221
scoring_system epss
scoring_elements 0.44786
published_at 2026-04-09T12:55:00Z
1
value 0.00221
scoring_system epss
scoring_elements 0.4482
published_at 2026-04-18T12:55:00Z
2
value 0.00221
scoring_system epss
scoring_elements 0.44826
published_at 2026-04-16T12:55:00Z
3
value 0.00221
scoring_system epss
scoring_elements 0.44773
published_at 2026-04-13T12:55:00Z
4
value 0.00221
scoring_system epss
scoring_elements 0.44772
published_at 2026-04-12T12:55:00Z
5
value 0.00221
scoring_system epss
scoring_elements 0.44802
published_at 2026-04-11T12:55:00Z
6
value 0.00221
scoring_system epss
scoring_elements 0.44783
published_at 2026-04-08T12:55:00Z
7
value 0.00221
scoring_system epss
scoring_elements 0.4473
published_at 2026-04-07T12:55:00Z
8
value 0.00221
scoring_system epss
scoring_elements 0.44791
published_at 2026-04-04T12:55:00Z
9
value 0.00221
scoring_system epss
scoring_elements 0.4477
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49082
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49082
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://gist.github.com/jnovikov/7f411ae9fe6a9a7804cf162a3bdbb44b
5
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
6
reference_url https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/commit/e4ae01c2077d2cfa116aa82e4ff6866857f7c466
7
reference_url https://github.com/aio-libs/aiohttp/pull/7806/files
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/pull/7806/files
8
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-qvrw-v9rv-5rjx
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-251.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TY5SI6NK5243DEEDQUFKQKW5GQNKQUMA
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSYWMP64ZFCTC3VO6RY6EC6VSSMV6I3A
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164
reference_id 1057164
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057164
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2252248
reference_id 2252248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2252248
15
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49082
reference_id CVE-2023-49082
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49082
16
reference_url https://github.com/advisories/GHSA-qvrw-v9rv-5rjx
reference_id GHSA-qvrw-v9rv-5rjx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qvrw-v9rv-5rjx
17
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
18
reference_url https://access.redhat.com/errata/RHSA-2024:1057
reference_id RHSA-2024:1057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1057
19
reference_url https://access.redhat.com/errata/RHSA-2024:1878
reference_id RHSA-2024:1878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1878
20
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.9.1-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.9.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.9.1-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2023-49082, GHSA-qvrw-v9rv-5rjx, PYSEC-2023-251
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ue33-na1g-rqa7
8
url VCID-zrgm-47ph-x3g3
vulnerability_id VCID-zrgm-47ph-x3g3
summary 
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
### Summary
The Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions.

### Impact
If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52304.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
reference_id
reference_type
scores
0
value 0.00456
scoring_system epss
scoring_elements 0.63921
published_at 2026-04-18T12:55:00Z
1
value 0.00456
scoring_system epss
scoring_elements 0.63911
published_at 2026-04-16T12:55:00Z
2
value 0.00456
scoring_system epss
scoring_elements 0.63876
published_at 2026-04-13T12:55:00Z
3
value 0.00456
scoring_system epss
scoring_elements 0.63909
published_at 2026-04-12T12:55:00Z
4
value 0.00456
scoring_system epss
scoring_elements 0.63923
published_at 2026-04-11T12:55:00Z
5
value 0.00456
scoring_system epss
scoring_elements 0.6391
published_at 2026-04-09T12:55:00Z
6
value 0.00456
scoring_system epss
scoring_elements 0.63892
published_at 2026-04-08T12:55:00Z
7
value 0.00456
scoring_system epss
scoring_elements 0.63842
published_at 2026-04-07T12:55:00Z
8
value 0.00456
scoring_system epss
scoring_elements 0.63858
published_at 2026-04-02T12:55:00Z
9
value 0.00456
scoring_system epss
scoring_elements 0.63885
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52304
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52304
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
6
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
2
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T15:38:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
7
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52304
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
reference_id 1088109
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088109
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
reference_id 2327130
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2327130
11
reference_url https://github.com/advisories/GHSA-8495-4g3g-x7pr
reference_id GHSA-8495-4g3g-x7pr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8495-4g3g-x7pr
12
reference_url https://access.redhat.com/errata/RHSA-2024:10766
reference_id RHSA-2024:10766
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10766
13
reference_url https://access.redhat.com/errata/RHSA-2024:11574
reference_id RHSA-2024:11574
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11574
14
reference_url https://access.redhat.com/errata/RHSA-2025:0340
reference_id RHSA-2025:0340
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0340
15
reference_url https://access.redhat.com/errata/RHSA-2025:0341
reference_id RHSA-2025:0341
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0341
16
reference_url https://access.redhat.com/errata/RHSA-2025:0722
reference_id RHSA-2025:0722
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0722
17
reference_url https://access.redhat.com/errata/RHSA-2025:0753
reference_id RHSA-2025:0753
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0753
18
reference_url https://access.redhat.com/errata/RHSA-2025:1101
reference_id RHSA-2025:1101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1101
19
reference_url https://usn.ubuntu.com/7642-1/
reference_id USN-7642-1
reference_type
scores
url https://usn.ubuntu.com/7642-1/
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.10.11-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.10.11-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.10.11-1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2024-52304, GHSA-8495-4g3g-x7pr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zrgm-47ph-x3g3
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie