CNNVD-202507-1890 Information

CNNVD ID

CNNVD-202507-1890

Related CVE

CVE-2025-53643

• CNNVD Published: 2025-07-14

Description (Chinese)

aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 aiohttp 3.12.14之前版本存在环境问题漏洞，该漏洞源于Python解析器存在请求走私，可能导致绕过防火墙或代理保护。

Description (English)

Aiohttp is an open source of aio-libs open source for asyncio and Python’s walk HTTP client/server framework. Prior to aiohttp 3.12.14, there was an environmental loophole, which stemmed from the presence of a Python resolver requesting smuggling, which could lead to the circumvention of firewalls or proxy protection.

Hazard Level

Medium

Vulnerability Type

环境问题

Affected Vendor

aio-libs

Published

2025-07-14

Last Modified

2026-02-24

References

https://github.com/aio-libs/aio https://access.redhat.com/security/cve/cve-2025-53643 https://www.oracle.com/security-alerts/cpuoct2025.html https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://docs.aiohttp.org/en/stable/