CVE-2023-47627 - High Severity Vulnerability
Vulnerable Library - aiohttp-3.7.4.post0-cp37-cp37m-manylinux2014_x86_64.whl
Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/88/c0/5890b4c8b04a79b7360e8fe4490feb0bb3ab179743f199f0e6220cebd568/aiohttp-3.7.4.post0-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /tmp/ws-scm/easycv
Path to vulnerable library: /easycv
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit d5c12ba89 which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.
Publish Date: 2023-11-14
URL: CVE-2023-47627
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-gfw2-4jvh-wgfg
Release Date: 2023-11-14
Fix Resolution: 3.8.6