Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aiohttp's ClientSession is vulnerable to CRLF injection via version
Vulnerability Description
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Vulnerability Type
输入验证不恰当
Vulnerability Title
aiohttp 安全漏洞
Vulnerability Description
aiohttp是一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 aiohttp 3.9.0之前版本存在安全漏洞,该漏洞源于不正确的验证使攻击者可以修改HTTP 请求或在攻击者控制HTTP 版本的情况下创建新的HTTP 请求。
CVSS Information
N/A
Vulnerability Type
N/A