VulnerableCode Package Details - pkg:deb/debian/python-aiohttp@3.9.1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bcuu-jvzt-6fhn	aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.	CVE-2023-49081 GHSA-q3qx-c6g2-7pw2 PYSEC-2023-250
VCID-ue33-na1g-rqa7	aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.	CVE-2023-49082 GHSA-qvrw-v9rv-5rjx PYSEC-2023-251

Vulnerability

Summary

Aliases

VCID-bcuu-jvzt-6fhn

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

CVE-2023-49081
GHSA-q3qx-c6g2-7pw2
PYSEC-2023-250

VCID-ue33-na1g-rqa7

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.

CVE-2023-49082
GHSA-qvrw-v9rv-5rjx
PYSEC-2023-251

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:12:40.298148+00:00	Debian Importer	Fixing	VCID-ue33-na1g-rqa7	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:13:55.689740+00:00	Debian Importer	Fixing	VCID-bcuu-jvzt-6fhn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:37:16.879696+00:00	Debian Importer	Fixing	VCID-ue33-na1g-rqa7	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:52:47.697190+00:00	Debian Importer	Fixing	VCID-bcuu-jvzt-6fhn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:35.165380+00:00	Debian Importer	Fixing	VCID-ue33-na1g-rqa7	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:35.107353+00:00	Debian Importer	Fixing	VCID-bcuu-jvzt-6fhn	https://security-tracker.debian.org/tracker/data/json	38.1.0