Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/aiohttp@2.4.0
Typepypi
Namespace
Nameaiohttp
Version2.4.0
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.9.2
Latest_non_vulnerable_version3.14.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-q2b1-r2cv-83b5
vulnerability_id VCID-q2b1-r2cv-83b5
summary aio-libs aiohttp-session contains a Session Fixation vulnerability in load_session function for RedisStorage (see: https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L42) that can result in Session Hijacking. This attack appear to be exploitable via Any method that allows setting session cookies (?session=<>, or meta tags or script tags with Set-Cookie).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000519
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44303
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000519
1
reference_url https://github.com/advisories/GHSA-fpwp-69xv-c67f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-fpwp-69xv-c67f
2
reference_url https://github.com/aio-libs/aiohttp-session
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp-session
3
reference_url https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L60
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp-session/blob/master/aiohttp_session/redis_storage.py#L60
4
reference_url https://github.com/aio-libs/aiohttp-session/commit/6b7864004d3442dbcfaf8687f63262c1c629f569
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp-session/commit/6b7864004d3442dbcfaf8687f63262c1c629f569
5
reference_url https://github.com/aio-libs/aiohttp-session/issues/272
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/aio-libs/aiohttp-session/issues/272
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp-session/PYSEC-2018-80.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp-session/PYSEC-2018-80.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1000519
reference_id CVE-2018-1000519
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-1000519
fixed_packages
0
url pkg:pypi/aiohttp@2.4.0
purl pkg:pypi/aiohttp@2.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@2.4.0
1
url pkg:pypi/aiohttp@3.0.0b0
purl pkg:pypi/aiohttp@3.0.0b0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2nje-sqj3-pugm
1
vulnerability VCID-48db-pv6y-3bb3
2
vulnerability VCID-5p2v-fh76-tues
3
vulnerability VCID-cu3k-ug29-93hr
4
vulnerability VCID-uw2u-75sa-xkev
5
vulnerability VCID-v5nd-ax84-jqdf
6
vulnerability VCID-vc4c-6yc6-k3hn
7
vulnerability VCID-zeyf-7kuj-wfag
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@3.0.0b0
aliases CVE-2018-1000519, GHSA-fpwp-69xv-c67f, PYSEC-2018-80
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2b1-r2cv-83b5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/aiohttp@2.4.0