[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-23829":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":60,"related":61,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":80,"kevs":150,"epss":151,"epss_history":154,"metrics":417,"affected":430},"CVE-2024-23829","aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input.  Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_AIO-LIBS_AIOHTTP","Aiohttp","github","https://github.com/aio-libs/aiohttp/issues/6772","poc",0.3,false,[],[38,39],"GHSA-8qpw-xqxj-h4r2","PYSEC-2024-26",[],[42,44,46,48,50,52,54,56,58],{"_key":43},"SUSE-SU-2024:0577-1",{"_key":45},"UBUNTU-CVE-2024-23829",{"_key":47},"DLA-4041-1",{"_key":49},"USN-7642-1",{"_key":51},"DEBIAN-CVE-2024-23829",{"_key":53},"RHSA-2024:1536",{"_key":55},"RHSA-2024:1878",{"_key":57},"RHSA-2024:2010",{"_key":59},"RHSA-2024:1640",[],[62,63,65,67],{"_key":43},{"_key":64},"CGA-R956-Q5VJ-7J4R",{"_key":66},"CGA-XRRM-QGHM-FWMV",{"_key":68},"CGA-549R-535H-MRP9","2024-01-29T22:41:35.032Z","2025-11-03T20:36:49.579Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":71},"low",0.00488,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",[81,93,99,103,109,113,117,121,125,129,133,138,142,146],{"url":82,"sources":83,"tags":86},"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2",[78,84,85],"nvd","osv_pypi",[87,88,89,90,91,92],"X Refsource CONFIRM","Exploit","Patch","Vendor Advisory","WEB","Advisory",{"url":94,"sources":95,"tags":96},"https://github.com/aio-libs/aiohttp/pull/8074",[78,84,85],[97,89,91,98],"X Refsource MISC","FIX",{"url":100,"sources":101,"tags":102},"https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827",[78,84,85],[97,89,91,98],{"url":104,"sources":105,"tags":106},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/",[78,84,85],[107,108],"Mailing List","ARTICLE",{"url":110,"sources":111,"tags":112},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/",[78,84],[],{"url":114,"sources":115,"tags":116},"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html",[78,84,85],[91],{"url":118,"sources":119,"tags":120},"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-gfw2-4jvh-wgfg",[85],[91],{"url":122,"sources":123,"tags":124},"https://nvd.nist.gov/vuln/detail/CVE-2024-23829",[85],[92],{"url":126,"sources":127,"tags":128},"https://github.com/aio-libs/aiohttp/pull/3235",[85],[91],{"url":130,"sources":131,"tags":132},"https://github.com/aio-libs/aiohttp/pull/8074/files",[85],[91],{"url":134,"sources":135,"tags":136},"https://github.com/aio-libs/aiohttp",[85],[137],"PACKAGE",{"url":139,"sources":140,"tags":141},"https://github.com/pypa/advisory-database/tree/main/vulns/aiohttp/PYSEC-2024-26.yaml",[85],[91],{"url":143,"sources":144,"tags":145},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD",[85],[91],{"url":147,"sources":148,"tags":149},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7",[85],[91],[],{"date":152,"score":74,"percentile":153},"2026-06-04",0.65815,[155,159,162,165,168,171,174,177,180,183,186,189,192,194,196,200,203,206,210,213,216,219,222,224,227,230,233,236,239,242,245,248,251,253,256,258,261,263,266,269,272,275,278,281,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,380,383,385,388,391,394,397,400,402,404,407,410,412,414],{"date":156,"score":157,"percentile":158},"2025-11-04",0.0038,0.58798,{"date":160,"score":157,"percentile":161},"2025-11-05",0.58783,{"date":163,"score":157,"percentile":164},"2025-11-06",0.5879,{"date":166,"score":157,"percentile":167},"2025-11-07",0.58811,{"date":169,"score":157,"percentile":170},"2025-11-08",0.58807,{"date":172,"score":157,"percentile":173},"2025-11-09",0.58795,{"date":175,"score":157,"percentile":176},"2025-11-10",0.58771,{"date":178,"score":157,"percentile":179},"2025-11-11",0.58784,{"date":181,"score":157,"percentile":182},"2025-11-12",0.58808,{"date":184,"score":157,"percentile":185},"2025-11-13",0.58815,{"date":187,"score":157,"percentile":188},"2025-11-14",0.58821,{"date":190,"score":157,"percentile":191},"2025-11-15",0.58812,{"date":193,"score":157,"percentile":173},"2025-11-16",{"date":195,"score":157,"percentile":164},"2025-11-17",{"date":197,"score":198,"percentile":199},"2025-11-18",0.01062,0.75769,{"date":201,"score":198,"percentile":202},"2025-11-19",0.75775,{"date":204,"score":198,"percentile":205},"2025-11-20",0.75785,{"date":207,"score":208,"percentile":209},"2025-11-21",0.00391,0.59426,{"date":211,"score":208,"percentile":212},"2025-11-22",0.59424,{"date":214,"score":208,"percentile":215},"2025-11-23",0.59401,{"date":217,"score":157,"percentile":218},"2025-11-24",0.58773,{"date":220,"score":157,"percentile":221},"2025-11-25",0.58778,{"date":223,"score":157,"percentile":221},"2025-11-26",{"date":225,"score":157,"percentile":226},"2025-11-27",0.58782,{"date":228,"score":157,"percentile":229},"2025-11-28",0.58755,{"date":231,"score":157,"percentile":232},"2025-11-29",0.58733,{"date":234,"score":157,"percentile":235},"2025-11-30",0.58723,{"date":237,"score":157,"percentile":238},"2025-12-01",0.58875,{"date":240,"score":157,"percentile":241},"2025-12-02",0.58892,{"date":243,"score":157,"percentile":244},"2025-12-03",0.58895,{"date":246,"score":157,"percentile":247},"2025-12-04",0.58726,{"date":249,"score":157,"percentile":250},"2025-12-05",0.58731,{"date":252,"score":157,"percentile":235},"2025-12-06",{"date":254,"score":157,"percentile":255},"2025-12-07",0.58714,{"date":257,"score":157,"percentile":255},"2025-12-08",{"date":259,"score":157,"percentile":260},"2025-12-09",0.58743,{"date":262,"score":157,"percentile":158},"2025-12-10",{"date":264,"score":157,"percentile":265},"2025-12-11",0.5882,{"date":267,"score":157,"percentile":268},"2025-12-12",0.58837,{"date":270,"score":157,"percentile":271},"2025-12-13",0.58841,{"date":273,"score":157,"percentile":274},"2025-12-14",0.58834,{"date":276,"score":157,"percentile":277},"2025-12-15",0.58814,{"date":279,"score":157,"percentile":280},"2025-12-16",0.58831,{"date":282,"score":283,"percentile":284},"2025-12-17",0.0035,0.56905,{"date":286,"score":283,"percentile":287},"2025-12-18",0.56945,{"date":289,"score":283,"percentile":290},"2025-12-19",0.56953,{"date":292,"score":283,"percentile":293},"2025-12-20",0.56949,{"date":295,"score":283,"percentile":296},"2025-12-21",0.56928,{"date":298,"score":283,"percentile":299},"2025-12-22",0.56911,{"date":301,"score":283,"percentile":302},"2025-12-23",0.56916,{"date":304,"score":283,"percentile":305},"2025-12-24",0.56925,{"date":307,"score":283,"percentile":308},"2025-12-25",0.5697,{"date":310,"score":283,"percentile":311},"2025-12-26",0.56966,{"date":313,"score":283,"percentile":314},"2025-12-27",0.57017,{"date":316,"score":157,"percentile":317},"2025-12-28",0.58909,{"date":319,"score":157,"percentile":320},"2025-12-29",0.58898,{"date":322,"score":157,"percentile":323},"2025-12-30",0.58912,{"date":325,"score":157,"percentile":326},"2025-12-31",0.58937,{"date":328,"score":157,"percentile":329},"2026-01-01",0.59108,{"date":331,"score":157,"percentile":332},"2026-01-02",0.59094,{"date":334,"score":157,"percentile":335},"2026-01-03",0.59091,{"date":337,"score":157,"percentile":338},"2026-01-04",0.58913,{"date":340,"score":157,"percentile":341},"2026-01-05",0.58905,{"date":343,"score":157,"percentile":344},"2026-01-06",0.58914,{"date":346,"score":157,"percentile":347},"2026-01-07",0.58942,{"date":349,"score":157,"percentile":350},"2026-01-08",0.58968,{"date":352,"score":157,"percentile":353},"2026-01-09",0.58974,{"date":355,"score":157,"percentile":356},"2026-01-10",0.58971,{"date":358,"score":157,"percentile":359},"2026-01-11",0.58953,{"date":361,"score":157,"percentile":362},"2026-01-12",0.58925,{"date":364,"score":157,"percentile":320},"2026-01-13",{"date":366,"score":157,"percentile":367},"2026-01-14",0.58945,{"date":369,"score":157,"percentile":370},"2026-01-15",0.58949,{"date":372,"score":157,"percentile":373},"2026-01-16",0.5897,{"date":375,"score":157,"percentile":376},"2026-01-17",0.58963,{"date":378,"score":157,"percentile":379},"2026-01-18",0.58957,{"date":381,"score":157,"percentile":382},"2026-01-19",0.58939,{"date":384,"score":157,"percentile":367},"2026-01-20",{"date":386,"score":157,"percentile":387},"2026-01-21",0.58947,{"date":389,"score":157,"percentile":390},"2026-01-22",0.5895,{"date":392,"score":157,"percentile":393},"2026-01-23",0.58993,{"date":395,"score":157,"percentile":396},"2026-01-24",0.59,{"date":398,"score":157,"percentile":399},"2026-01-25",0.58961,{"date":401,"score":157,"percentile":387},"2026-01-26",{"date":403,"score":157,"percentile":379},"2026-01-27",{"date":405,"score":157,"percentile":406},"2026-01-28",0.58965,{"date":408,"score":157,"percentile":409},"2026-01-29",0.58966,{"date":411,"score":157,"percentile":409},"2026-01-30",{"date":413,"score":157,"percentile":350},"2026-01-31",{"date":415,"score":157,"percentile":416},"2026-02-01",0.59113,[418,423,425],{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":419,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":420,"vectorString":79,"impactScore":421,"exploitabilityScore":422},"MEDIUM",4.2,10,{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":424,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":420,"vectorString":79,"impactScore":421,"exploitabilityScore":422},{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":426,"cvss_v4_0":427},{"baseScore":76,"baseSeverity":9,"vectorString":79,"impactScore":421,"exploitabilityScore":422},{"baseScore":428,"baseSeverity":9,"vectorString":429,"impactScore":9,"exploitabilityScore":9},6.9,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",[431,441,446,453],{"ecosystem":9,"name":432,"vendor":433,"product":432,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":435},"aiohttp","aio-libs","a",[436],{"version":437,"is_range":438,"range_type":78,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"\u003C 3.9.2",true,"3.9.2","excluding",{"ecosystem":9,"name":432,"vendor":432,"product":432,"cpe_part":434,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":442},[443],{"version":444,"is_range":438,"range_type":445,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt3.9.2","cpe",{"ecosystem":9,"name":447,"vendor":448,"product":447,"cpe_part":449,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":450},"fedora","fedoraproject","o",[451],{"version":452,"is_range":35,"range_type":445,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"39",{"ecosystem":454,"name":432,"vendor":454,"product":432,"cpe_part":9,"purl_type":455,"purl_namespace":9,"purl_name":432,"source":9,"versions":456},"PyPI","pypi",[457,461],{"version":458,"is_range":438,"range_type":459,"version_start":9,"version_start_type":9,"version_end":460,"version_end_type":440,"fixed_in":9},"lt33ccdfb0a12690af5bb49bda2319ec0907fa7827","ecosystem","33ccdfb0a12690af5bb49bda2319ec0907fa7827",{"version":462,"is_range":438,"range_type":459,"version_start":9,"version_start_type":9,"version_end":439,"version_end_type":440,"fixed_in":9},"lt3_9_2"]