Security advisories

GHSA-pjjw-qhg8-p2p9

Published

Last updated

https://github.com/advisories/GHSA-pjjw-qhg8-p2p9

Description

aiohttp has vulnerable dependency that is vulnerable to request smuggling. ### Summary llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities. Details have not been disclosed yet, so refer to llhttp for future information. The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).

References

https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9
https://github.com/aio-libs/aiohttp/commit/996de2629ef6b4c2934a7c04dfd49d0950d4c43b
https://github.com/aio-libs/aiohttp/commit/bcc416e533796d04fb8124ef1e7686b1f338767a
https://github.com/aio-libs/aiohttp

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore.

Changes to static, git and busybox images

Products

Chainguard Images

Developer

Open source Docs

Resources

Unchained blog Chainguard Labs Customer stories Scanners Security Education

Company

About Newsroom Careers Chainguard love Legal Contact

Twitter GitHub LinkedIn TikTok