Safety vulnerability ID: 74251
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of aiohttp are vulnerable to HTTP Request Smuggling (CWE-444). Improper parsing in the HttpPayloadParser class lets an attacker include line feeds (LF) in the chunk extensions of a specially crafted chunked HTTP request and so inject malicious HTTP messages, potentially bypassing security controls and executing unauthorized actions. To mitigate, upgrade to an aiohttp version that validates chunk extensions and rejects any containing unexpected LFs, thereby preventing request smuggling attacks.
Latest version: 3.11.11
Async http client/server framework (asyncio)
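The chunk-extension validation described in the advisory, as an added example (not aiohttp's HttpPayloadParser code): a minimal chunked-body decoder whose strict mode rejects a bare LF in the chunk-size line, beside a lenient mode that ends the line at the first LF. All names, the lenient model and the sample bodies are constructed for illustration, and trailers are not handled.

```python
import re

class ChunkFramingError(ValueError):
    """Chunked framing is malformed or ambiguous."""

SIZE_RE = re.compile(rb"[0-9A-Fa-f]{1,8}")

def read_size_line(buf, pos, strict=True):
    """Return (chunk_size, offset_of_chunk_data) for the size line at pos."""
    if strict:
        end = buf.find(b"\r\n", pos)
        if end == -1:
            raise ChunkFramingError("size line not terminated by CRLF")
        line, data_start = buf[pos:end], end + 2
        # A bare LF (or CR) left in the line, extensions included, means
        # a more lenient parser could end this line earlier: reject it.
        if b"\n" in line or b"\r" in line:
            raise ChunkFramingError("bare CR/LF in chunk-size line")
    else:
        # Lenient model (assumption): the line ends at the first LF.
        end = buf.find(b"\n", pos)
        if end == -1:
            raise ChunkFramingError("size line not terminated")
        line, data_start = buf[pos:end].rstrip(b"\r"), end + 1
    size_hex = line.partition(b";")[0]  # extensions follow the first ';'
    if not SIZE_RE.fullmatch(size_hex):
        raise ChunkFramingError("invalid chunk size")
    return int(size_hex, 16), data_start

def decode_chunked(buf, strict=True):
    """Decode a chunked body (no trailers); return (body, bytes_consumed)."""
    body, pos = b"", 0
    while True:
        size, pos = read_size_line(buf, pos, strict)
        if size == 0:
            break
        # Short data or a missing CRLF after the chunk is a framing error.
        if buf[pos + size:pos + size + 2] != b"\r\n":
            raise ChunkFramingError("chunk data not followed by CRLF")
        body += buf[pos:pos + size]
        pos += size + 2
    if buf[pos:pos + 2] != b"\r\n":
        raise ChunkFramingError("missing final CRLF")
    return body, pos + 2

# Constructed sample bodies, not captured traffic.
WELL_FORMED = b"5;note=ok\r\nhello\r\n0\r\n\r\n"
LF_IN_EXT = b"2;a=b\nxx\r\n0\r\n\r\n"
```

The lenient mode accepts `LF_IN_EXT` and reads a chunk the strict mode never sees; that disagreement between two parsers on where a chunk begins is the framing ambiguity the fix removes.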