aiohttp
cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*
- <= 3.12.13
A request smuggling vulnerability has been identified in AIOHTTP versions through 3.12.13. The issue arises because the Python parser does not properly handle trailer sections of HTTP requests. It is present in the pure Python version of AIOHTTP, that is, when AIOHTTP is installed without the usual C extensions or when the AIOHTTP_NO_EXTENSIONS option is enabled. An attacker could exploit this flaw to perform request smuggling attacks, potentially circumventing certain firewall or proxy defenses.
Exploitation of this vulnerability could lead to successful request smuggling attacks, allowing an attacker to bypass specific firewall or proxy protections.
Users can upgrade to AIOHTTP version 3.12.14 or later to address this vulnerability.
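To triage a host against the two conditions above, the following check reports whether the installed AIOHTTP is in the affected range and whether its pure Python parser is active. It is an added example, not part of the advisory or the AIOHTTP project. The function names and status strings are chosen here, and the parser check relies on the `HttpRequestParser` and `HttpRequestParserPy` names in `aiohttp.http_parser`.

```python
import re
from importlib import metadata

# From the advisory: versions through 3.12.13 are affected, 3.12.14 is fixed.
LAST_AFFECTED = (3, 12, 13)


def release_tuple(version):
    """Leading numeric release segment, e.g. '3.12.13' -> (3, 12, 13).

    Pre-release suffixes such as 'a1' or 'rc0' are ignored.
    """
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = tuple(int(p) for p in m.group().split("."))
    return parts + (0,) * (3 - len(parts))  # pad '3.12' to (3, 12, 0)


def assess(version, pure_python_parser):
    """Classify one installation against the advisory's two conditions."""
    if release_tuple(version) > LAST_AFFECTED:
        return "fixed"
    # Affected release: exposure depends on which parser is in use.
    return "exposed" if pure_python_parser else "affected-version-c-parser"


def pure_python_parser_active():
    """True when aiohttp fell back to (or was forced onto) its Python parser."""
    import aiohttp.http_parser as hp
    # With the C extension loaded, HttpRequestParser is rebound to the C class;
    # otherwise it is still the same object as HttpRequestParserPy.
    return hp.HttpRequestParser is hp.HttpRequestParserPy


def check_installed():
    """Assess the aiohttp found in the current Python environment."""
    try:
        version = metadata.version("aiohttp")
    except metadata.PackageNotFoundError:
        return "not-installed"
    return assess(version, pure_python_parser_active())


if __name__ == "__main__":
    print(check_installed())
```

Run it with the same interpreter and environment variables as the service, since AIOHTTP_NO_EXTENSIONS changes the result. A result of `affected-version-c-parser` still calls for the upgrade.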