Bug 2252235 (CVE-2023-49081)
Summary: | CVE-2023-49081 aiohttp: HTTP request modification | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Nick Tait <ntait> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | adudiak, bbuckingham, bcourt, caswilli, davidn, dfreiber, dhalasz, drow, ehelms, epacific, gtanzill, hkataria, jburrell, jcammara, jhardy, jmitchel, jneedle, jobarker, jsherril, jtanner, kaycoth, kshier, lzap, mabashia, mhulan, mminar, nmoumoul, orabin, osapryki, pcreech, psegedy, rbiba, rbobbitt, rchan, simaishi, smcdonal, sskracic, stcannon, sthirugn, teagle, tfister, tsasak, vkrizan, vkumar, vmugicag, yguenane, zsadeh |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | aiohttp 3.9.0 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the python-aiohttp package. This issue could allow a remote attacker to modify an existing HTTP request or create a new request that could have minor confidentiality or integrity impacts.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2252236, 2252239, 2252240, 2252241, 2252242, 2252243, 2260511 | ||
Bug Blocks: | 2252237 |
Description
Nick Tait
2023-11-30 10:04:25 UTC
Created python-aiohttp tracking bugs for this issue: Affects: fedora-all [bug 2252236] Created python-aiohttp tracking bugs for this issue: Affects: epel-all [bug 2252239] FEDORA-2023-d5bd6b62e4 has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Ansible Automation Platform 2.4 for RHEL 9 Red Hat Ansible Automation Platform 2.4 for RHEL 8 Via RHSA-2024:1057 https://access.redhat.com/errata/RHSA-2024:1057 This issue has been addressed in the following products: Red Hat Satellite 6.14 for RHEL 8 Via RHSA-2024:1536 https://access.redhat.com/errata/RHSA-2024:1536 This issue has been addressed in the following products: RHUI 4 for RHEL 8 Via RHSA-2024:1878 https://access.redhat.com/errata/RHSA-2024:1878 This issue has been addressed in the following products: Red Hat Satellite 6.15 for RHEL 8 Via RHSA-2024:2010 https://access.redhat.com/errata/RHSA-2024:2010 |