VulnerableCode Package Details - pkg:rpm/redhat/python-aiohttp@3.9.1-1?arch=el9ap

Search for packages

Vulnerability	Summary	Fixed by
VCID-bcuu-jvzt-6fhn Aliases: CVE-2023-49081 GHSA-q3qx-c6g2-7pw2 PYSEC-2023-250	aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.	There are no reported fixed by versions.
VCID-pmr9-w1fc-93cm Aliases: CVE-2023-47627 GHSA-gfw2-4jvh-wgfg PYSEC-2023-246	aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.	There are no reported fixed by versions.
VCID-ue33-na1g-rqa7 Aliases: CVE-2023-49082 GHSA-qvrw-v9rv-5rjx PYSEC-2023-251	aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-bcuu-jvzt-6fhn
Aliases:
CVE-2023-49081
GHSA-q3qx-c6g2-7pw2
PYSEC-2023-250

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.

There are no reported fixed by versions.

VCID-pmr9-w1fc-93cm
Aliases:
CVE-2023-47627
GHSA-gfw2-4jvh-wgfg
PYSEC-2023-246

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

There are no reported fixed by versions.

VCID-ue33-na1g-rqa7
Aliases:
CVE-2023-49082
GHSA-qvrw-v9rv-5rjx
PYSEC-2023-251

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:51:11.346168+00:00	RedHat Importer	Affected by	VCID-pmr9-w1fc-93cm	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-47627.json	38.0.0
2026-04-01T13:51:02.715192+00:00	RedHat Importer	Affected by	VCID-ue33-na1g-rqa7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49082.json	38.0.0
2026-04-01T13:51:02.458688+00:00	RedHat Importer	Affected by	VCID-bcuu-jvzt-6fhn	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49081.json	38.0.0