[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-52304":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":54,"related":55,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":111,"epss":112,"epss_history":115,"metrics":381,"affected":396},"CVE-2024-52304","aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29],"GHSA-8495-4g3g-x7pr",[],[32,34,36,38,40,42,44,46,48,50,52],{"_key":33},"UBUNTU-CVE-2024-52304",{"_key":35},"SUSE-SU-2024:4077-1",{"_key":37},"SUSE-SU-2024:4110-1",{"_key":39},"DLA-4041-1",{"_key":41},"DSA-5828-1",{"_key":43},"MGASA-2024-0388",{"_key":45},"USN-7642-1",{"_key":47},"DEBIAN-CVE-2024-52304",{"_key":49},"RHSA-2024:10766",{"_key":51},"RHSA-2024:11574",{"_key":53},"RHSA-2025:0340",[],[56,57,58,59,61,63,65,67],{"_key":35},{"_key":37},{"_key":43},{"_key":60},"CGA-CFJ5-H64X-V2XX",{"_key":62},"CGA-HC89-W3PF-6CXJ",{"_key":64},"CGA-MG7J-PXGM-C3F8",{"_key":66},"CGA-X336-FVXC-V695",{"_key":68},"CGA-XHPQ-XJPC-GFGP","2024-11-18T20:12:48.612Z","2025-11-03T20:45:25.646Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.0042,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[82,91,97,101,106],{"url":83,"sources":84,"tags":87},"https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8495-4g3g-x7pr",[85,79,86],"cve.org","osv_pypi",[88,89,90],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":92,"sources":93,"tags":94},"https://github.com/aio-libs/aiohttp/commit/259edc369075de63e6f3a4eaade058c62af0df71",[85,79,86],[95,96,90],"X Refsource MISC","Patch",{"url":98,"sources":99,"tags":100},"https://lists.debian.org/debian-lts-announce/2025/02/msg00002.html",[85,79,86],[90],{"url":102,"sources":103,"tags":104},"https://nvd.nist.gov/vuln/detail/CVE-2024-52304",[86],[105],"Advisory",{"url":107,"sources":108,"tags":109},"https://github.com/aio-libs/aiohttp",[86],[110],"PACKAGE",[],{"date":113,"score":75,"percentile":114},"2026-06-04",0.6225,[116,120,123,126,129,131,134,137,140,143,146,149,152,155,158,162,165,168,171,174,177,180,183,186,189,192,195,198,201,204,206,208,211,214,217,220,223,225,228,231,234,237,240,243,246,249,252,255,257,259,262,265,268,271,275,278,281,284,287,290,293,296,299,302,305,308,311,314,317,320,323,326,329,331,334,337,340,343,346,349,352,355,358,361,363,366,369,372,375,378],{"date":117,"score":118,"percentile":119},"2025-11-04",0.00253,0.48511,{"date":121,"score":118,"percentile":122},"2025-11-05",0.48491,{"date":124,"score":118,"percentile":125},"2025-11-06",0.48503,{"date":127,"score":118,"percentile":128},"2025-11-07",0.48532,{"date":130,"score":118,"percentile":128},"2025-11-08",{"date":132,"score":118,"percentile":133},"2025-11-09",0.48514,{"date":135,"score":118,"percentile":136},"2025-11-10",0.48486,{"date":138,"score":118,"percentile":139},"2025-11-11",0.48499,{"date":141,"score":118,"percentile":142},"2025-11-12",0.48525,{"date":144,"score":118,"percentile":145},"2025-11-13",0.48528,{"date":147,"score":118,"percentile":148},"2025-11-14",0.4854,{"date":150,"score":118,"percentile":151},"2025-11-15",0.48535,{"date":153,"score":118,"percentile":154},"2025-11-16",0.4852,{"date":156,"score":118,"percentile":157},"2025-11-17",0.48494,{"date":159,"score":160,"percentile":161},"2025-11-18",0.00246,0.44389,{"date":163,"score":160,"percentile":164},"2025-11-19",0.44397,{"date":166,"score":160,"percentile":167},"2025-11-20",0.44403,{"date":169,"score":118,"percentile":170},"2025-11-21",0.48484,{"date":172,"score":118,"percentile":173},"2025-11-22",0.48481,{"date":175,"score":118,"percentile":176},"2025-11-23",0.48449,{"date":178,"score":118,"percentile":179},"2025-11-24",0.48433,{"date":181,"score":118,"percentile":182},"2025-11-25",0.48435,{"date":184,"score":118,"percentile":185},"2025-11-26",0.48434,{"date":187,"score":118,"percentile":188},"2025-11-27",0.48439,{"date":190,"score":118,"percentile":191},"2025-11-28",0.4841,{"date":193,"score":118,"percentile":194},"2025-11-29",0.48391,{"date":196,"score":118,"percentile":197},"2025-11-30",0.48378,{"date":199,"score":118,"percentile":200},"2025-12-01",0.4853,{"date":202,"score":118,"percentile":203},"2025-12-02",0.48547,{"date":205,"score":118,"percentile":148},"2025-12-03",{"date":207,"score":118,"percentile":197},"2025-12-04",{"date":209,"score":118,"percentile":210},"2025-12-05",0.48398,{"date":212,"score":118,"percentile":213},"2025-12-06",0.48399,{"date":215,"score":118,"percentile":216},"2025-12-07",0.48385,{"date":218,"score":118,"percentile":219},"2025-12-08",0.48389,{"date":221,"score":118,"percentile":222},"2025-12-09",0.48418,{"date":224,"score":118,"percentile":173},"2025-12-10",{"date":226,"score":118,"percentile":227},"2025-12-11",0.48497,{"date":229,"score":118,"percentile":230},"2025-12-12",0.48522,{"date":232,"score":118,"percentile":233},"2025-12-13",0.48507,{"date":235,"score":118,"percentile":236},"2025-12-14",0.48496,{"date":238,"score":118,"percentile":239},"2025-12-15",0.48479,{"date":241,"score":118,"percentile":242},"2025-12-16",0.48492,{"date":244,"score":118,"percentile":245},"2025-12-17",0.48516,{"date":247,"score":118,"percentile":248},"2025-12-18",0.48555,{"date":250,"score":118,"percentile":251},"2025-12-19",0.4856,{"date":253,"score":118,"percentile":254},"2025-12-20",0.48537,{"date":256,"score":118,"percentile":119},"2025-12-21",{"date":258,"score":118,"percentile":122},"2025-12-22",{"date":260,"score":118,"percentile":261},"2025-12-23",0.48487,{"date":263,"score":118,"percentile":264},"2025-12-24",0.48498,{"date":266,"score":118,"percentile":267},"2025-12-25",0.4855,{"date":269,"score":118,"percentile":270},"2025-12-26",0.48539,{"date":272,"score":273,"percentile":274},"2025-12-27",0.00456,0.63353,{"date":276,"score":273,"percentile":277},"2025-12-28",0.63274,{"date":279,"score":273,"percentile":280},"2025-12-29",0.63264,{"date":282,"score":273,"percentile":283},"2025-12-30",0.63278,{"date":285,"score":273,"percentile":286},"2025-12-31",0.63306,{"date":288,"score":273,"percentile":289},"2026-01-01",0.63496,{"date":291,"score":273,"percentile":292},"2026-01-02",0.6348,{"date":294,"score":273,"percentile":295},"2026-01-03",0.63478,{"date":297,"score":273,"percentile":298},"2026-01-04",0.63298,{"date":300,"score":273,"percentile":301},"2026-01-05",0.63291,{"date":303,"score":273,"percentile":304},"2026-01-06",0.63286,{"date":306,"score":273,"percentile":307},"2026-01-07",0.63308,{"date":309,"score":273,"percentile":310},"2026-01-08",0.63329,{"date":312,"score":273,"percentile":313},"2026-01-09",0.63333,{"date":315,"score":273,"percentile":316},"2026-01-10",0.63328,{"date":318,"score":273,"percentile":319},"2026-01-11",0.63316,{"date":321,"score":273,"percentile":322},"2026-01-12",0.63296,{"date":324,"score":273,"percentile":325},"2026-01-13",0.63293,{"date":327,"score":273,"percentile":328},"2026-01-14",0.63336,{"date":330,"score":273,"percentile":274},"2026-01-15",{"date":332,"score":273,"percentile":333},"2026-01-16",0.63372,{"date":335,"score":273,"percentile":336},"2026-01-17",0.63362,{"date":338,"score":273,"percentile":339},"2026-01-18",0.6335,{"date":341,"score":273,"percentile":342},"2026-01-19",0.63339,{"date":344,"score":273,"percentile":345},"2026-01-20",0.63352,{"date":347,"score":273,"percentile":348},"2026-01-21",0.63355,{"date":350,"score":273,"percentile":351},"2026-01-22",0.6336,{"date":353,"score":273,"percentile":354},"2026-01-23",0.63393,{"date":356,"score":273,"percentile":357},"2026-01-24",0.63399,{"date":359,"score":273,"percentile":360},"2026-01-25",0.63364,{"date":362,"score":273,"percentile":274},"2026-01-26",{"date":364,"score":273,"percentile":365},"2026-01-27",0.63363,{"date":367,"score":273,"percentile":368},"2026-01-28",0.63373,{"date":370,"score":273,"percentile":371},"2026-01-29",0.63369,{"date":373,"score":273,"percentile":374},"2026-01-30",0.63374,{"date":376,"score":273,"percentile":377},"2026-01-31",0.63378,{"date":379,"score":273,"percentile":380},"2026-02-01",0.63523,[382,387,394],{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":383},{"baseScore":384,"baseSeverity":385,"vectorString":386,"impactScore":9,"exploitabilityScore":9},6.3,"MEDIUM","CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",{"source":79,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":388,"cvss_v4_0":392},{"baseScore":77,"baseSeverity":389,"vectorString":80,"impactScore":390,"exploitabilityScore":391},"HIGH",6,10,{"baseScore":384,"baseSeverity":385,"vectorString":393,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",{"source":86,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":395},{"baseScore":384,"baseSeverity":9,"vectorString":393,"impactScore":9,"exploitabilityScore":9},[397,407,412],{"ecosystem":9,"name":398,"vendor":399,"product":398,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":401},"aiohttp","aio-libs","a",[402],{"version":403,"is_range":404,"range_type":85,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"\u003C 3.10.11",true,"3.10.11","excluding",{"ecosystem":9,"name":398,"vendor":398,"product":398,"cpe_part":400,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":408},[409],{"version":410,"is_range":404,"range_type":411,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"lt3.10.11","cpe",{"ecosystem":413,"name":398,"vendor":413,"product":398,"cpe_part":9,"purl_type":414,"purl_namespace":9,"purl_name":398,"source":9,"versions":415},"PyPI","pypi",[416],{"version":417,"is_range":404,"range_type":418,"version_start":9,"version_start_type":9,"version_end":405,"version_end_type":406,"fixed_in":9},"lt3_10_11","ecosystem"]