python3-aiohttp: fix CVE-2025-53643 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Jiaying Song <jiaying.song.cn@windriver.com>	2025-07-16 17:22:22 +0800
committer	Armin Kuster <akuster808@gmail.com>	2025-07-27 14:35:10 -0400
commit	59d381adcaf70ccae5e78a8a21e2afbc59a52165 (patch)
tree	0aae5dd5ebf1f7d313738095fd86c38a4d720d52 /meta-python/recipes-devtools/python/python-lazy-object-proxy.inc
parent	0883565b5dc963318111b04fd0c5dbf1d1b5fa2d (diff)
download	meta-openembedded-59d381adcaf70ccae5e78a8a21e2afbc59a52165.tar.gz

python3-aiohttp: fix CVE-2025-53643

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.12.14, the Python parser is vulnerable to a request smuggling vulnerability due to not parsing trailer sections of an HTTP request. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or AIOHTTP_NO_EXTENSIONS is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.12.14 contains a patch for this issue. References: https://nvd.nist.gov/vuln/detail/CVE-2025-53643 Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python-lazy-object-proxy.inc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: