PyPi: Aiohttp

CVE-2023-49081

Safety vulnerability ID: 62582

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 30, 2023 Updated at Oct 28, 2025

Advisory

Affected versions of the `aiohttp` package are vulnerable to Improper Input Validation due to insufficient checks on the HTTP version of incoming requests. The HTTP request handling mechanism does not adequately validate the HTTP version, so the value can be manipulated when an attacker controls it. An attacker with the ability to influence the HTTP version can exploit this flaw to inject new headers or craft entirely new HTTP requests, potentially leading to unauthorized actions or data exposure.
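The missing check described above can be illustrated with a strict version validator placed in front of request-line serialization. This is an added example, not aiohttp's code or its actual fix; every function name and the sample input are hypothetical and constructed for illustration.

```python
import re

# Assumption: a valid HTTP version is "<digits>.<digits>" and nothing else.
# [0-9] is used instead of \d so that non-ASCII digits are not accepted.
_VERSION_RE = re.compile(r"[0-9]{1,3}\.[0-9]{1,3}")


def is_valid_http_version(value):
    """True only for a 'major.minor' string or a (major, minor) int tuple."""
    if isinstance(value, tuple):
        return len(value) == 2 and all(
            type(part) is int and 0 <= part <= 999 for part in value
        )
    # fullmatch() matters here: a pattern ending in "$" used with match()
    # would still accept "1.1\n", because "$" matches before a final newline.
    return isinstance(value, str) and _VERSION_RE.fullmatch(value) is not None


def build_request_line_unchecked(method, path, version):
    """The flawed pattern: the version is written into the request as-is."""
    return f"{method} {path} HTTP/{version}\r\n"


def build_request_line(method, path, version):
    """Hardened form: refuse anything that is not a plain major.minor pair."""
    if not is_valid_http_version(version):
        raise ValueError(f"invalid HTTP version: {version!r}")
    if isinstance(version, tuple):
        version = f"{version[0]}.{version[1]}"
    return f"{method} {path} HTTP/{version}\r\n"


def line_count(raw):
    """Number of CRLF-terminated lines in a serialized request fragment."""
    return raw.count("\r\n")


# Constructed input: a version value carrying a line break and an extra field.
TAINTED_VERSION = "1.1\r\nX-Injected: 1"

if __name__ == "__main__":
    # Unchecked serialization produces two lines where one was intended.
    print(line_count(build_request_line_unchecked("GET", "/", TAINTED_VERSION)))
    print(repr(build_request_line("GET", "/", (1, 1))))
    try:
        build_request_line("GET", "/", TAINTED_VERSION)
    except ValueError as exc:
        print("rejected:", exc)
```
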

Affected package

aiohttp

Latest version: 3.13.2

Async http client/server framework (asyncio)

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources


Severity Details

CVSS Base Score: MEDIUM 5.3

CVSS v3 Details

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): LOW
Availability Impact (A): NONE