aiohttp has vulnerable dependency that is vulnerable to request smuggling

GHSA-pjjw-qhg8-p2p9

Published Nov 27, 2023 · Modified Feb 4, 2026

Description

Summary

llhttp 8.1.1 is vulnerable to two request smuggling vulnerabilities.
Details have not been disclosed yet, so refer to llhttp for future information.
The issue is resolved by using llhttp 9+ (which is included in aiohttp 3.8.6+).

References

WEB https://github.com/aio-libs/aiohttp/security/advisories/GHSA-pjjw-qhg8-p2p9
WEB https://github.com/aio-libs/aiohttp/commit/996de2629ef6b4c2934a7c04dfd49d0950d4c43b
WEB https://github.com/aio-libs/aiohttp/commit/bcc416e533796d04fb8124ef1e7686b1f338767a
PACKAGE https://github.com/aio-libs/aiohttp

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes