Back to bug 2224185
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2023-07-20 07:05:54 UTC | Blocks | 2224192 | |
| Marian Rehak | 2023-07-20 08:07:49 UTC | Depends On | 2224226, 2224227, 2224228 | |
| Marian Rehak | 2023-07-20 08:08:32 UTC | CC | adudiak, kshier, stcannon, tfister | |
| Avinash Hanwate | 2023-07-21 11:26:03 UTC | Alias | TRIAGE-CVE-2023-37276 | CVE-2023-37276 |
| Avinash Hanwate | 2023-07-21 11:26:03 UTC | Doc Text | | aio-libs aiohttp is vulnerable to HTTP request smuggling, caused by a flaw in aiohttp.web.Application. By sending a specially crafted HTTP(S) request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. |
| Avinash Hanwate | 2023-07-21 11:26:03 UTC | Summary | TRIAGE-CVE-2023-37276 python-aiohttp: HTTP request smuggling via llhttp HTTP request parser | CVE-2023-37276 python-aiohttp: HTTP request smuggling via llhttp HTTP request parser |
| Avinash Hanwate | 2023-07-21 11:26:03 UTC | Fixed In Version | | aiohttp 3.8.5 |
| RaTasha Tillery-Smith | 2023-07-21 13:45:13 UTC | Doc Text | aio-libs aiohttp is vulnerable to HTTP request smuggling, caused by a flaw in aiohttp.web.Application. By sending a specially crafted HTTP(S) request, an attacker could exploit this vulnerability to poison the web cache, bypass web application firewall protection, and conduct XSS attacks. | A flaw was found in aio-libs aiohttp, where it is vulnerable to HTTP request smuggling, caused by a flaw in the aiohttp.web.Application. By sending a specially crafted HTTP(S) request, an attacker can poison the web cache, bypass web application firewall protection, and conduct Cross-site scripting (XSS) attacks. |