ghsa-rwqr-c348-m5wr
Vulnerability from github
Published
2022-06-24 00:00
Modified
2022-07-05 21:27
Severity
Summary
Withdrawn: Denial of Service in aiohttp
Details
Withdrawn
This advisory has been withdrawn because the maintainers of aiohttp and multiple third parties disputed the validity of the issue. There is not sufficient evidence for the claims in the original report.
Original Description
aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "aiohttp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.8.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-33124"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2022-06-25T07:22:37Z",
"nvd_published_at": "2022-06-23T17:15:00Z",
"severity": "MODERATE"
},
"details": "## Withdrawn\nThis advisory has been withdrawn because the maintainers of aiohttp and multiple third parties disputed the validity of the issue. There is not sufficient evidence for the claims in the original report.\n\n## Original Description\naiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).",
"id": "GHSA-rwqr-c348-m5wr",
"modified": "2022-07-05T21:27:19Z",
"published": "2022-06-24T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-33124"
},
{
"type": "WEB",
"url": "https://github.com/aio-libs/aiohttp/issues/6772"
},
{
"type": "PACKAGE",
"url": "https://github.com/aio-libs/aiohttp"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Withdrawn: Denial of Service in aiohttp",
"withdrawn": "2022-06-28T16:39:06Z"
}
Loading...