MEDIUM

GHSA-pjjw-qhg8-p2p9

aiohttp has vulnerable dependency that is vulnerable to request smuggling

Details

### Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / aiohttp

Introduced in: 0 Fixed in: 3.8.6

Fix pip install --upgrade 'aiohttp>=3.8.6'

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9 [WEB]
https://github.com/aio-libs/aiohttp/commit/996de2629ef6b4c2934a7c04dfd49d0950d4c43b [WEB]
https://github.com/aio-libs/aiohttp/commit/bcc416e533796d04fb8124ef1e7686b1f338767a [WEB]
https://github.com/aio-libs/aiohttp [PACKAGE]