VulnerableCode Vulnerability Details - VCID-zf8d-kxf1-sqds

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-zf8d-kxf1-sqds

Essentials
Severities (6)
References (5)
Severity details (6)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-zf8d-kxf1-sqds
Aliases	GHSA-pjjw-qhg8-p2p9 GMS-2023-5095
Summary	aiohttp has vulnerable dependency that is vulnerable to request smuggling ### Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-444	Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

System	Score	Found at
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-pjjw-qhg8-p2p9
generic_textual	MODERATE	https://github.com/aio-libs/aiohttp
generic_textual	MODERATE	https://github.com/aio-libs/aiohttp/commit/996de2629ef6b4c2934a7c04dfd49d0950d4c43b
generic_textual	MODERATE	https://github.com/aio-libs/aiohttp/commit/bcc416e533796d04fb8124ef1e7686b1f338767a
cvssv3.1_qr	MODERATE	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9
generic_textual	MODERATE	https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9

Reference id	Reference type	URL
		https://github.com/aio-libs/aiohttp
		https://github.com/aio-libs/aiohttp/commit/996de2629ef6b4c2934a7c04dfd49d0950d4c43b
		https://github.com/aio-libs/aiohttp/commit/bcc416e533796d04fb8124ef1e7686b1f338767a
GHSA-pjjw-qhg8-p2p9		https://github.com/advisories/GHSA-pjjw-qhg8-p2p9
GHSA-pjjw-qhg8-p2p9		https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9

No exploits are available.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:52:09.376759+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/aiohttp/GMS-2023-5095.yml	38.0.0