Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
aiohttp's ClientSession is vulnerable to CRLF injection via method
Vulnerability Description
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
对CRLF序列的转义处理不恰当(CRLF注入)
Vulnerability Title
aiohttp 注入漏洞
Vulnerability Description
aiohttp是一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 aiohttp 3.9.0之前版本存在注入漏洞,该漏洞源于不正确的验证使攻击者可以修改 HTTP 请求(例如插入新标头),甚至在攻击者控制 HTTP 方法的情况下可以创建新的 HTTP 请求。
CVSS Information
N/A
Vulnerability Type
N/A