Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AIOHTTP: C parser (llhttp) accepts null bytes and control characters in response header values - header injection / security bypass
Vulnerability Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, the C parser (the default for most installs) accepted null bytes and control characters in response headers. This issue has been patched in version 3.13.4.
CVSS Information
N/A
Vulnerability Type
HTTP头部中CRLF序列转义处理不恰当(HTTP响应分割)
Vulnerability Title
aiohttp 注入漏洞
Vulnerability Description
aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 AIOHTTP 3.13.4之前版本存在注入漏洞,该漏洞源于C解析器接受响应标头中的空字节和控制字符。
CVSS Information
N/A
Vulnerability Type
N/A