Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/python-aiohttp@3.8.1-1?distro=trixie
Type deb
Namespace debian
Name python-aiohttp
Version 3.8.1-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.8.5-1
Latest_non_vulnerable_version 3.13.3-3
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-t2aj-cszz-tyd7
vulnerability_id VCID-t2aj-cszz-tyd7
summary aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Affected versions of aiohttp have a security vulnerability regarding the inconsistent interpretation of the HTTP protocol. HTTP/1.1 is a persistent protocol; if both Content-Length (CL) and Transfer-Encoding (TE) header values are present, it can lead to incorrect interpretation by the two entities that parse the HTTP request, and we can poison other sockets with this incorrect interpretation. A possible Proof-of-Concept (POC) would be a configuration with a reverse proxy (frontend) that accepts both CL and TE headers and aiohttp as backend. As aiohttp parses anything with chunked, we can pass chunked123 as TE; the frontend entity will ignore this header and will parse Content-Length. The impact of this vulnerability is that it is possible to bypass any proxy rule, poisoning sockets to other users, such as passing Authentication Headers. Also, if an Open Redirect is present, an attacker could combine it to redirect random users to another website and log the request. This vulnerability has been addressed in release 3.8.0 of aiohttp. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47641.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
reference_id
reference_type
scores
0
value 0.00319
scoring_system epss
scoring_elements 0.54908
published_at 2026-04-02T12:55:00Z
1
value 0.00319
scoring_system epss
scoring_elements 0.54934
published_at 2026-04-04T12:55:00Z
2
value 0.00319
scoring_system epss
scoring_elements 0.54961
published_at 2026-04-16T12:55:00Z
3
value 0.00319
scoring_system epss
scoring_elements 0.54924
published_at 2026-04-13T12:55:00Z
4
value 0.00319
scoring_system epss
scoring_elements 0.54947
published_at 2026-04-12T12:55:00Z
5
value 0.00319
scoring_system epss
scoring_elements 0.54965
published_at 2026-04-18T12:55:00Z
6
value 0.00319
scoring_system epss
scoring_elements 0.54953
published_at 2026-04-09T12:55:00Z
7
value 0.00319
scoring_system epss
scoring_elements 0.54954
published_at 2026-04-08T12:55:00Z
8
value 0.00319
scoring_system epss
scoring_elements 0.54904
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47641
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47641
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/aio-libs/aiohttp
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp
5
reference_url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/commit/f016f0680e4ace6742b03a70cb0382ce86abe371
6
reference_url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp/releases/tag/v3.8.0
7
reference_url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
4
value LOW
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:18:44Z/
url https://github.com/aio-libs/aiohttp/security/advisories/GHSA-xx9p-xxvh-7g8j
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2023-247.yaml
9
reference_url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
reference_id
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
reference_id 2250179
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2250179
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
reference_id CVE-2023-47641
reference_type
scores
0
value 3.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47641
12
reference_url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
reference_id GHSA-xx9p-xxvh-7g8j
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xx9p-xxvh-7g8j
13
reference_url https://security.gentoo.org/glsa/202408-11
reference_id GLSA-202408-11
reference_type
scores
url https://security.gentoo.org/glsa/202408-11
fixed_packages
0
url pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%3Fdistro=trixie
1
url pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.7.4-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.7.4-1%252Bdeb11u1%3Fdistro=trixie
2
url pkg:deb/debian/python-aiohttp@3.8.1-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.1-1%3Fdistro=trixie
3
url pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.8.4-1%2Bdeb12u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ekqy-23wg-5ugu
2
vulnerability VCID-ft9z-nd6x-27dz
3
vulnerability VCID-jxqg-x9dh-z3hb
4
vulnerability VCID-k122-7d38-2ug5
5
vulnerability VCID-peyu-fxyx-ayde
6
vulnerability VCID-qrus-4szm-c3bj
7
vulnerability VCID-sjws-ddnq-fke2
8
vulnerability VCID-t9gx-etxx-vkgb
9
vulnerability VCID-tn28-662n-vug8
10
vulnerability VCID-ttq3-65ny-skdg
11
vulnerability VCID-vqvz-jfqh-jkaz
12
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.4-1%252Bdeb12u1%3Fdistro=trixie
4
url pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.11.16-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-d3pa-kwgz-vuag
1
vulnerability VCID-ft9z-nd6x-27dz
2
vulnerability VCID-k122-7d38-2ug5
3
vulnerability VCID-peyu-fxyx-ayde
4
vulnerability VCID-qrus-4szm-c3bj
5
vulnerability VCID-sjws-ddnq-fke2
6
vulnerability VCID-t9gx-etxx-vkgb
7
vulnerability VCID-vqvz-jfqh-jkaz
8
vulnerability VCID-zm3a-mf2z-xfcm
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.11.16-1%3Fdistro=trixie
5
url pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
purl pkg:deb/debian/python-aiohttp@3.13.3-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.13.3-3%3Fdistro=trixie
aliases CVE-2023-47641, GHSA-xx9p-xxvh-7g8j, PYSEC-2023-247
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t2aj-cszz-tyd7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/python-aiohttp@3.8.1-1%3Fdistro=trixie