aiohttp has vulnerable dependency that is vulnerable to request smuggling
Description
Published to the GitHub Advisory Database: Nov 27, 2023
Reviewed: Nov 27, 2023
Last updated: Nov 27, 2023
Summary
llhttp 8.1.1 is affected by two request smuggling vulnerabilities.
Details have not been disclosed yet, so refer to llhttp for future information.
The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).
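One way to check a project against the fixed version above is to audit its requirements file for aiohttp pins below 3.8.6. This is an added example, not code from the advisory or from aiohttp; the function names and the sample input are hypothetical, and only the 3.8.6 threshold comes from the advisory.

```python
import re

FIXED = (3, 8, 6)  # first aiohttp release the advisory lists as including llhttp 9+

# "aiohttp" with optional extras, not a longer name such as aiohttp-cors.
_NAME = re.compile(r"^\s*aiohttp\s*(?:\[[^\]]*\])?\s*(?:$|[<>=!~;@\s])", re.IGNORECASE)
# Exact pin only (== or ===); pre-release suffixes after the digits are ignored.
_PIN = re.compile(
    r"^\s*aiohttp\s*(?:\[[^\]]*\])?\s*===?\s*(?P<ver>[0-9]+(?:\.[0-9]+)*)",
    re.IGNORECASE,
)


def release_tuple(version: str) -> tuple:
    """Turn '3.8' into (3, 8, 0) so short versions compare correctly."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def audit_requirements(text: str) -> list:
    """Return (line_no, requirement, status) for every aiohttp entry.

    status is 'vulnerable' (pinned below 3.8.6), 'ok' (pinned at or above),
    or 'unpinned' (range or bare name: check the version actually installed).
    """
    findings = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not _NAME.match(line):
            continue  # blank line, comment, or a different package
        m = _PIN.match(line)
        if m is None:
            status = "unpinned"
        elif release_tuple(m.group("ver")) < FIXED:
            status = "vulnerable"
        else:
            status = "ok"
        findings.append((no, line, status))
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from any real project.
    sample = "requests==2.31.0\naiohttp-cors==0.7.0\naiohttp[speedups]==3.8.5  # pinned\n"
    for row in audit_requirements(sample):
        print(row)
```

An 'unpinned' result means the requirements file alone cannot answer the question; the version the resolver actually installed has to be checked as well.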