Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AIOHTTP: HTTP response splitting via \r in reason phrase
Vulnerability Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, an attacker who controls the reason parameter when creating a Response may be able to inject extra headers or similar exploits. This issue has been patched in version 3.13.4.
CVSS Information
N/A
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
aiohttp 注入漏洞
Vulnerability Description
aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 AIOHTTP 3.13.4之前版本存在注入漏洞,该漏洞源于攻击者在创建Response时控制reason参数可能能够注入额外标头或进行类似利用。
CVSS Information
N/A
Vulnerability Type
N/A