aiohttp has vulnerable dependency that is vulnerable to request smuggling. ### Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).
Advisories are based on vulnerability information provided by Grype from Anchore.
Products
Chainguard Images© 2024 Chainguard, Inc.