CVE-2022-33124 – aiohttp

Package

Manager: pip
Name: aiohttp
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CVSS v4.0: N/A

EPSS: 0.00211 pctl0.43685

Details

Withdrawn: Denial of Service in aiohttp ## Withdrawn This advisory has been withdrawn because the maintainers of aiohttp and multiple third parties disputed the validity of the issue. There is not sufficient evidence for the claims in the original report. ## Original Description aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).

Metadata

Created: 2022-06-24T00:00:31Z
Modified: 2022-07-05T21:27:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-rwqr-c348-m5wr/GHSA-rwqr-c348-m5wr.json
CWE IDs: []
Alternative ID: GHSA-rwqr-c348-m5wr
Finding: N/A
Auto approve: 0