AIOHTTP Header Injection Vulnerability via Content-Type Parameter

Vulnerability

A CRLF injection vulnerability has been identified in AIOHTTP versions prior to 3.13.4. An attacker who controls the `content_type` parameter of a multipart part can inject additional headers or carry out similar header-manipulation attacks. The vulnerability arises when an application passes untrusted data as the multipart `content_type` parameter during request construction; the carriage return or line feed characters in that value are written into the part's header block unchanged, so the request is modified in ways the application did not intend.

Impact

Exploitation of this vulnerability could allow an attacker to inject arbitrary headers into a multipart request, potentially manipulating the request's behavior or the server's response.

Reproduction

To reproduce this vulnerability, create a multipart request using AIOHTTP version 3.13.3 or earlier. Control the `content_type` parameter by injecting newline characters, which could trick the server into interpreting the data as separate headers. This can be done by adding fields with a `content_type` that includes carriage return or newline characters, bypassing the intended content type handling.

Remediation

Users can upgrade to AIOHTTP version 3.13.4 or later to address this vulnerability.
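Upgrading is the fix; as defence in depth, an application can also refuse to forward untrusted `content_type` values that carry control characters. The following is an added example, not code from this advisory or from the aiohttp project: a small validator (hypothetical helper names `has_header_injection_chars`, `validate_content_type`, `safe_content_type` and `screen_content_types`) that rejects CR/LF and other control characters first, then checks that what remains is a well-formed media type, and falls back to a fixed default rather than forwarding anything that fails. The sample inputs in the `__main__` block are constructed for illustration.

```python
import re

# Added example, not taken from the advisory or from aiohttp itself: an
# application-level guard that rejects untrusted Content-Type values before
# they reach a multipart builder.  The helper names below are hypothetical;
# the media-type grammar follows RFC 7231 (type/subtype and ;name=value
# parameters made of tokens or quoted strings).

_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_QUOTED_STRING = r'"[^"\r\n]*"'
_MEDIA_TYPE_RE = re.compile(
    _TOKEN + "/" + _TOKEN
    + r"(?:[ \t]*;[ \t]*" + _TOKEN + "=(?:" + _TOKEN + "|" + _QUOTED_STRING + "))*"
)

DEFAULT_CONTENT_TYPE = "application/octet-stream"


def has_header_injection_chars(value: str) -> bool:
    """True if the value contains CR, LF or any other control character.

    A CR or LF inside a header value terminates the header line, so
    whatever follows is parsed as a new header: that is the injection the
    advisory describes.  Other C0 controls and DEL are rejected as well,
    since no valid media type contains them.
    """
    return any(ch in "\r\n" or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value)


def validate_content_type(value: str) -> str:
    """Return value unchanged if it is a clean, well-formed media type.

    Raises ValueError otherwise.  The control-character check runs first so
    that a CRLF payload is reported as injection rather than as a syntax
    error.
    """
    if not isinstance(value, str):
        raise ValueError("content_type must be a string")
    if has_header_injection_chars(value):
        raise ValueError("content_type contains control characters (possible header injection)")
    if _MEDIA_TYPE_RE.fullmatch(value) is None:
        raise ValueError("content_type is not a valid media type: %r" % value)
    return value


def safe_content_type(untrusted: str, default: str = DEFAULT_CONTENT_TYPE) -> str:
    """Coerce an untrusted value to something safe to pass as content_type.

    Anything that fails validation is replaced by the default rather than
    forwarded, so a rejected value can never become a header boundary.
    """
    try:
        return validate_content_type(untrusted)
    except ValueError:
        return default


def screen_content_types(values):
    """Classify a batch of candidate values; returns (value, accepted, reason)."""
    results = []
    for value in values:
        try:
            validate_content_type(value)
            results.append((value, True, "ok"))
        except ValueError as exc:
            results.append((value, False, str(exc)))
    return results


if __name__ == "__main__":
    # Constructed sample inputs: one clean value, one with a quoted parameter,
    # one malformed value, and one carrying a CRLF followed by a fake header.
    samples = [
        "text/plain; charset=utf-8",
        'multipart/form-data; boundary="constructed-boundary"',
        "not a media type",
        "text/plain\r\nX-Injected: constructed-value",
    ]
    for value, accepted, reason in screen_content_types(samples):
        print("%-8s %r  (%s)" % ("ACCEPT" if accepted else "REJECT", value, reason))
```

Use `safe_content_type` at the point where the application reads a client-supplied type (for example from an upload form) and before it calls the multipart writer; the default of `application/octet-stream` is deliberately generic so a rejected value degrades to a harmless type instead of failing the whole request.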

Added: Apr 1, 2026, 9:54 PM
Updated: Apr 1, 2026, 9:54 PM

Vulnerability Rating (Custom Algorithm)

spread: 7.3
impact: 1.0
exploitability: 8.4
remediation: 7.7
relevance: 5.1
threat: 4.8
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.