Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application
AnalysisAI
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handing in the calling application Affected products include: Aiohttp.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vul
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vul
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.5), this v
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this v
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 5.3), this v
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 8.7), this vul
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a reques
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an i
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bo
AIOHTTP versions prior to 3.12.14 contain a request smuggling vulnerability in the Python parser that fails to properly
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated high severity (CVSS 7.5), this vul
Arbitrary code execution in the aiohttp Python framework (versions prior to 3.14.0) arises when CookieJar.load() deseria
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today