Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade `aiohttp` to version 3.9.0 or higher.
Affected versions of this package are vulnerable to Improper Input Validation in the `ClientSession`. An attacker can modify the HTTP request or create a new HTTP request by controlling the HTTP version of the request. If a list is passed, then it bypasses validation and it is possible to perform CRLF injection.
Note: The vulnerability only occurs if the attacker can control the HTTP version of the request (including its type).
If these specific conditions are met and you are unable to upgrade, then validate the user input to the `version` parameter to ensure it is a `str`.
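One way to apply that check before the value reaches `ClientSession`, as an added example that is not from the advisory or from aiohttp. It assumes the version arrives in a JSON request body under a hypothetical `version` field, and the allowlist of `1.0` and `1.1` is likewise an assumption.

```python
import json
import re

# Allowlist of HTTP versions this application will send (assumption).
ALLOWED_VERSIONS = {"1.0", "1.1"}
_VERSION_RE = re.compile(r"[0-9]\.[0-9]")


def parse_http_version(value):
    """Return (major, minor) ints for a user-supplied HTTP version.

    Raises TypeError for anything that is not a str (list, tuple, float, ...)
    and ValueError for strings outside the allowlist.
    """
    # Exact type check: the bypass described above relies on a non-str value.
    if type(value) is not str:
        raise TypeError(f"HTTP version must be str, got {type(value).__name__}")
    # fullmatch() rejects embedded CR/LF and any trailing data.
    if not _VERSION_RE.fullmatch(value) or value not in ALLOWED_VERSIONS:
        raise ValueError("unsupported HTTP version")
    major, minor = value.split(".")
    return int(major), int(minor)


def version_from_request_body(body):
    """Validate the hypothetical 'version' field of a JSON request body."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise TypeError("request body must be a JSON object")
    return parse_http_version(data.get("version", "1.1"))


def classify(body):
    """Return the parsed tuple, or the name of the exception that rejected it."""
    try:
        return version_from_request_body(body)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


# Constructed sample inputs: JSON can deliver a list or a number as easily as a string.
SAMPLES = [
    '{"version": "1.1"}',
    '{"version": ["1", "1\\r\\nX-Constructed: 1"]}',
    '{"version": "1.1\\r\\nX-Constructed: 1"}',
    '{"version": 1.1}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", classify(sample))
```

Only a value that passes `parse_http_version` should be handed on to the `version` parameter; everything else is rejected before a request is built.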