aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.
Reserved 2024-11-06 | Published 2024-11-18 | Updated 2024-11-21 | Assigner GitHub_M
github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr
github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71
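The description above turns on how a parser treats newlines inside chunk extensions. The following is an added example, not aiohttp's code and not taken from the fix commit: a strict chunk-size line parser that follows the RFC 9112 chunk grammar and rejects a bare LF or CR inside a chunk extension instead of treating it as a line ending. The names `parse_chunk_header` and `ChunkSyntaxError` are hypothetical, and the sample inputs are constructed.

```python
import re

_HEX = re.compile(rb"[0-9A-Fa-f]{1,16}")  # chunk-size = 1*HEXDIG, length-capped


class ChunkSyntaxError(ValueError):
    """The chunk-size line violates the strict grammar."""


def _has_ctl(data: bytes) -> bool:
    # CR, LF and other control bytes (HTAB excepted) are never valid inside
    # chunk-size or chunk-ext; only the terminating CRLF may carry CR/LF.
    return any((b < 0x20 and b != 0x09) or b == 0x7F for b in data)


def parse_chunk_header(buf: bytes, max_line: int = 4096):
    """Parse one chunk-size line at the start of buf.

    Returns (size, extensions, bytes_consumed), or None when the
    terminating CRLF has not arrived yet.
    """
    end = buf.find(b"\r\n")
    if end == -1:
        # Incomplete line: a trailing CR may still be followed by LF, but a
        # bare LF or CR already seen can never become valid, so fail early.
        pending = buf[:-1] if buf.endswith(b"\r") else buf
        if _has_ctl(pending) or len(buf) > max_line:
            raise ChunkSyntaxError("invalid or oversized chunk-size line")
        return None
    line = buf[:end]
    if len(line) > max_line or _has_ctl(line):
        raise ChunkSyntaxError("invalid or oversized chunk-size line")
    size, sep, ext = line.partition(b";")
    if sep:
        size = size.rstrip(b" \t")  # BWS is permitted before ";"
    if not _HEX.fullmatch(size):
        raise ChunkSyntaxError("chunk-size is not 1*HEXDIG")
    return int(size, 16), ext, end + 2


if __name__ == "__main__":
    # Constructed inputs, not captured traffic.
    print(parse_chunk_header(b"5;name=val\r\nhello\r\n"))
    for bad in (b"5;a\nb\r\n", b"5;a\rb\r\n"):
        try:
            parse_chunk_header(bad)
        except ChunkSyntaxError as exc:
            print("rejected", bad, "->", exc)
```

A front-end proxy and the backend agree on message boundaries only if both apply the same rule to these bytes, which is why the strict form fails closed rather than guessing where the line ends.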