aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg
https://github.com/aio-libs/aiohttp/commit/d5c12ba890557a575c313bb3017910d7616fce3d
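
A triage check for the condition described above, added here as an example and not taken from the advisory or from aiohttp itself. It classifies an environment by installed version and by whether the pure-Python parser would be selected. The function names are hypothetical; it assumes the compiled parser ships as the module `aiohttp._http_parser` and that any non-empty `AIOHTTP_NO_EXTENSIONS` value disables it.

```python
import importlib.metadata
import importlib.util
import os
import re

FIXED = (3, 8, 6)  # first fixed release named in the description above


def release_tuple(version):
    """Leading numeric release parts; pre-release/local suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p or 0) for p in m.groups())


def assess(version, no_extensions, c_parser_present):
    """Classify exposure from three facts about one environment."""
    if release_tuple(version) >= FIXED:
        return "fixed"
    if no_extensions or not c_parser_present:
        # Pure-Python parser is the one handling requests.
        return "vulnerable-parser-in-use"
    # Compiled parser is selected today, but the package still needs the update.
    return "upgrade-needed"


def probe():
    """Collect the three facts from this interpreter, or None if unavailable."""
    try:
        version = importlib.metadata.version("aiohttp")
        # Assumption: the compiled parser is the module aiohttp._http_parser.
        spec = importlib.util.find_spec("aiohttp._http_parser")
    except ImportError:  # also covers PackageNotFoundError
        return None
    # Assumption: any non-empty value of the variable disables extensions.
    no_ext = bool(os.environ.get("AIOHTTP_NO_EXTENSIONS"))
    return version, no_ext, spec is not None


if __name__ == "__main__":
    facts = probe()
    print("aiohttp not importable" if facts is None
          else f"aiohttp {facts[0]}: {assess(*facts)}")
```

Run it with the same interpreter and environment variables as the service being checked, since both determine which parser is selected.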

Created pymodbus tracking bugs for this issue:
Affects: fedora-all [bug 2250619]

Created python-afsapi tracking bugs for this issue:
Affects: epel-all [bug 2250616]

Created python-aiohttp tracking bugs for this issue:
Affects: epel-all [bug 2250614]
Affects: fedora-all [bug 2250615]

Created python-discord tracking bugs for this issue:
Affects: epel-all [bug 2250617]

Created python-idna-ssl tracking bugs for this issue:
Affects: epel-all [bug 2250618]

Created python-pytelegrambotapi tracking bugs for this issue:
Affects: fedora-all [bug 2250620]

This issue has been addressed in the following products:
Red Hat Ansible Automation Platform 2.4 for RHEL 9
Red Hat Ansible Automation Platform 2.4 for RHEL 8
Via RHSA-2024:1057 https://access.redhat.com/errata/RHSA-2024:1057

This issue has been addressed in the following products:
Red Hat Satellite 6.14 for RHEL 8
Via RHSA-2024:1536 https://access.redhat.com/errata/RHSA-2024:1536

This issue has been addressed in the following products:
Red Hat Ansible Automation Platform 2.4 for RHEL 9
Red Hat Ansible Automation Platform 2.4 for RHEL 8
Via RHSA-2024:1640 https://access.redhat.com/errata/RHSA-2024:1640

This issue has been addressed in the following products:
RHUI 4 for RHEL 8
Via RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878

This issue has been addressed in the following products:
Red Hat Satellite 6.15 for RHEL 8
Via RHSA-2024:2010 https://access.redhat.com/errata/RHSA-2024:2010