{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-49082","title":"Title"},{"category":"description","text":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-49082","url":"https://www.suse.com/security/cve/CVE-2023-49082"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1217682 for CVE-2023-49082","url":"https://bugzilla.suse.com/1217682"},{"category":"external","summary":"Advisory link for SUSE-SU-2024:0168-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-January/017713.html"}],"title":"SUSE CVE CVE-2023-49082","tracking":{"current_release_date":"2026-03-12T09:57:32Z","generator":{"date":"2023-12-01T02:18:59Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-49082","initial_release_date":"2023-12-01T02:18:59Z","revision_history":[{"date":"2023-12-01T02:18:59Z","number":"2","summary":"Current version"},{"date":"2024-01-20T03:11:03Z","number":"3","summary":"Current version"},{"date":"2025-01-01T01:50:40Z","number":"4","summary":"Current version"},{"date":"2025-01-04T01:58:11Z","number":"5","summary":"Current version"},{"date":"2025-02-14T06:08:15Z","number":"6","summary":"Current version"},{"date":"2025-02-16T06:01:21Z","number":"7","summary":"Current version"},{"date":"2025-03-13T13:47:43Z","number":"8","summary":"Current version"},{"date":"2025-03-15T06:05:00Z","number":"9","summary":"Current version"},{"date":"2025-03-26T04:28:57Z","number":"10","summary":"Current version"},{"date":"2025-04-02T09:13:05Z","number":"11","summary":"Current version"},{"date":"2025-05-15T09:28:21Z","number":"12","summary":"Current version"},{"date":"2025-06-25T14:16:54Z","number":"13","summary":"Current version"},{"date":"2025-07-02T01:18:13Z","number":"14","summary":"Current version"},{"date":"2025-07-10T23:41:31Z","number":"15","summary":"Current version"},{"date":"2025-11-03T02:40:54Z","number":"16","summary":"Current version"},{"date":"2026-01-21T00:30:08Z","number":"17","summary":"unknown changes"},{"date":"2026-03-12T09:57:32Z","number":"18","summary":"unknown changes"}],"status":"interim","version":"18"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 6","product":{"name":"SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6","product_identification_helper":{"cpe":"cpe:/o:suse:ses:6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP4","product":{"name":"SUSE Linux Enterprise Desktop 15 SP4","product_id":"SUSE Linux Enterprise Desktop 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP5","product":{"name":"SUSE Linux Enterprise Desktop 15 SP5","product_id":"SUSE Linux Enterprise Desktop 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP6","product":{"name":"SUSE Linux Enterprise Desktop 15 SP6","product_id":"SUSE Linux Enterprise Desktop 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Desktop 15 SP7","product":{"name":"SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sled:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP1","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP5","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Public Cloud 15 SP1","product":{"name":"SUSE Linux Enterprise Module for Public Cloud 15 SP1","product_id":"SUSE Linux Enterprise Module for Public Cloud 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-public-cloud:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Python 3 15 SP4","product":{"name":"SUSE Linux Enterprise Module for Python 3 15 SP4","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-python3:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Python 3 15 SP5","product":{"name":"SUSE Linux Enterprise Module for Python 3 15 SP5","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-python3:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Python 3 15 SP6","product":{"name":"SUSE Linux Enterprise Module for Python 3 15 SP6","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-python3:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Python 3 15 SP7","product":{"name":"SUSE Linux Enterprise Module for Python 3 15 SP7","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-python3:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP1","product":{"name":"SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP4","product":{"name":"SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP5","product":{"name":"SUSE Linux Enterprise Server 15 SP5","product_id":"SUSE Linux Enterprise Server 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP6","product":{"name":"SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP7","product":{"name":"SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp7"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16.0"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp4"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp5"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp6"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp7"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.0","product":{"name":"SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.0"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.3","product":{"name":"SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.3"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.0","product":{"name":"SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.0"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.3","product":{"name":"SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.3"}}},{"category":"product_name","name":"SUSE Manager Server 4.0","product":{"name":"SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.0"}}},{"category":"product_name","name":"SUSE Manager Server 4.3","product":{"name":"SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.3"}}},{"category":"product_name","name":"openSUSE Leap 15.5","product":{"name":"openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.5"}}},{"category":"product_version","name":"python-aiohttp","product":{"name":"python-aiohttp","product_id":"python-aiohttp","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python-aiohttp@"}}},{"category":"product_version","name":"python-aiohttp-doc","product":{"name":"python-aiohttp-doc","product_id":"python-aiohttp-doc","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python-aiohttp-doc@?upstream=python-aiohttp.src.rpm"}}},{"category":"product_version","name":"python3-aiohttp","product":{"name":"python3-aiohttp","product_id":"python3-aiohttp","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python3-aiohttp@?upstream=python-aiohttp.src.rpm"}}},{"category":"product_version","name":"python311-aiohttp","product":{"name":"python311-aiohttp","product_id":"python311-aiohttp","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python311-aiohttp@?upstream=python-aiohttp.src.rpm"}}},{"category":"product_version","name":"python311-aiohttp-3.8.6-150400.10.11.1","product":{"name":"python311-aiohttp-3.8.6-150400.10.11.1","product_id":"python311-aiohttp-3.8.6-150400.10.11.1","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:3.8.6:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python311-aiohttp@3.8.6-150400.10.11.1?upstream=python-aiohttp-3.8.6-150400.10.11.1.src.rpm"}}},{"category":"product_version","name":"python313-aiohttp-3.11.16-160000.2.2","product":{"name":"python313-aiohttp-3.11.16-160000.2.2","product_id":"python313-aiohttp-3.11.16-160000.2.2","product_identification_helper":{"cpe":"cpe:2.3:a:aiohttp_project:aiohttp:3.11.16:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python313-aiohttp@3.11.16-160000.2.2?upstream=python-aiohttp-3.11.16-160000.2.2.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server 15 SP5","product_id":"SUSE Linux Enterprise Server 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Desktop 15 SP5","product_id":"SUSE Linux Enterprise Desktop 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise High Performance Computing 15 SP5","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Module for Python 3 15 SP5","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Module for Python 3 15 SP5"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server 15 SP6","product_id":"SUSE Linux Enterprise Server 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Desktop 15 SP6","product_id":"SUSE Linux Enterprise Desktop 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP6","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise High Performance Computing 15 SP6","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Module for Python 3 15 SP6","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Module for Python 3 15 SP6"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server 15 SP7","product_id":"SUSE Linux Enterprise Server 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Desktop 15 SP7","product_id":"SUSE Linux Enterprise Desktop 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP7","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise High Performance Computing 15 SP7","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of SUSE Linux Enterprise Module for Python 3 15 SP7","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"SUSE Linux Enterprise Module for Python 3 15 SP7"},{"category":"default_component_of","full_product_name":{"name":"python313-aiohttp-3.11.16-160000.2.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:python313-aiohttp-3.11.16-160000.2.2"},"product_reference":"python313-aiohttp-3.11.16-160000.2.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp-3.8.6-150400.10.11.1 as component of openSUSE Leap 15.5","product_id":"openSUSE Leap 15.5:python311-aiohttp-3.8.6-150400.10.11.1"},"product_reference":"python311-aiohttp-3.8.6-150400.10.11.1","relates_to_product_reference":"openSUSE Leap 15.5"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Server 15 SP1","product_id":"SUSE Linux Enterprise Server 15 SP1:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP1:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise High Performance Computing 15 SP1","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP1:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Manager Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Manager Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Server 4.0","product_id":"SUSE Manager Server 4.0:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Manager Proxy 4.0"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Manager Proxy 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Proxy 4.0","product_id":"SUSE Manager Proxy 4.0:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Proxy 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Retail Branch Server 4.0","product_id":"SUSE Manager Retail Branch Server 4.0:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.0"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Enterprise Storage 6","product_id":"SUSE Enterprise Storage 6:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Enterprise Storage 6"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp-doc as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1","product_id":"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python-aiohttp-doc"},"product_reference":"python-aiohttp-doc","relates_to_product_reference":"SUSE Linux Enterprise Module for Public Cloud 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python3-aiohttp as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1","product_id":"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-aiohttp"},"product_reference":"python3-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Module for Public Cloud 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Module for Public Cloud 15 SP1","product_id":"SUSE Linux Enterprise Module for Public Cloud 15 SP1:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Module for Public Cloud 15 SP1"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Server 15 SP4","product_id":"SUSE Linux Enterprise Server 15 SP4:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Linux Enterprise Desktop 15 SP4","product_id":"SUSE Linux Enterprise Desktop 15 SP4:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Desktop 15 SP4","product_id":"SUSE Linux Enterprise Desktop 15 SP4:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Desktop 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP4:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise High Performance Computing 15 SP4","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP4:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Server 4.3","product_id":"SUSE Manager Server 4.3:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Proxy 4.3","product_id":"SUSE Manager Proxy 4.3:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Proxy 4.3"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Manager Retail Branch Server 4.3","product_id":"SUSE Manager Retail Branch Server 4.3:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.3"},{"category":"default_component_of","full_product_name":{"name":"python311-aiohttp as component of SUSE Linux Enterprise Module for Python 3 15 SP4","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP4:python311-aiohttp"},"product_reference":"python311-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Module for Python 3 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"python-aiohttp as component of SUSE Linux Enterprise Module for Python 3 15 SP4","product_id":"SUSE Linux Enterprise Module for Python 3 15 SP4:python-aiohttp"},"product_reference":"python-aiohttp","relates_to_product_reference":"SUSE Linux Enterprise Module for Python 3 15 SP4"}]},"vulnerabilities":[{"cve":"CVE-2023-49082","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-49082"}],"notes":[{"category":"general","text":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation makes it possible for an attacker to modify the HTTP request (e.g. insert a new header) or even create a new HTTP request if the attacker controls the HTTP method. The vulnerability occurs only if the attacker can control the HTTP method (GET, POST etc.) of the request. If the attacker can control the HTTP version of the request it will be able to modify the request (request smuggling). This issue has been patched in version 3.9.0.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Enterprise Storage 6:python-aiohttp","SUSE Enterprise Storage 6:python-aiohttp-doc","SUSE Enterprise Storage 6:python3-aiohttp","SUSE Linux Enterprise Desktop 15 SP4:python-aiohttp","SUSE Linux Enterprise Desktop 15 SP4:python311-aiohttp","SUSE Linux Enterprise High Performance Computing 15 SP1:python-aiohttp","SUSE Linux Enterprise High Performance Computing 15 SP1:python-aiohttp-doc","SUSE Linux Enterprise High Performance Computing 15 SP1:python3-aiohttp","SUSE Linux Enterprise High Performance Computing 15 SP4:python-aiohttp","SUSE Linux Enterprise High Performance Computing 15 SP4:python311-aiohttp","SUSE Linux Enterprise Module for Public Cloud 15 SP1:python-aiohttp","SUSE Linux Enterprise Module for Public Cloud 15 SP1:python-aiohttp-doc","SUSE Linux Enterprise Module for Public Cloud 15 SP1:python3-aiohttp","SUSE Linux Enterprise Module for Python 3 15 SP4:python-aiohttp","SUSE Linux Enterprise Module for Python 3 15 SP4:python311-aiohttp","SUSE Linux Enterprise Server 15 SP1:python-aiohttp","SUSE Linux Enterprise Server 15 SP1:python-aiohttp-doc","SUSE Linux Enterprise Server 15 SP1:python3-aiohttp","SUSE Linux Enterprise Server 15 SP4:python-aiohttp","SUSE Linux Enterprise Server 15 SP4:python311-aiohttp","SUSE Linux Enterprise Server for SAP Applications 15 SP1:python-aiohttp","SUSE Linux Enterprise Server for SAP Applications 15 SP1:python-aiohttp-doc","SUSE Linux Enterprise Server for SAP Applications 15 SP1:python3-aiohttp","SUSE Linux Enterprise Server for SAP Applications 15 SP4:python-aiohttp","SUSE Linux Enterprise Server for SAP Applications 15 SP4:python311-aiohttp","SUSE Manager Proxy 4.0:python-aiohttp","SUSE Manager Proxy 4.0:python-aiohttp-doc","SUSE Manager Proxy 4.0:python3-aiohttp","SUSE Manager Proxy 4.3:python-aiohttp","SUSE Manager Proxy 4.3:python311-aiohttp","SUSE Manager Retail Branch Server 4.0:python-aiohttp","SUSE Manager Retail Branch Server 4.0:python-aiohttp-doc","SUSE Manager Retail Branch Server 4.0:python3-aiohttp","SUSE Manager Retail Branch Server 4.3:python-aiohttp","SUSE Manager Retail Branch Server 4.3:python311-aiohttp","SUSE Manager Server 4.0:python-aiohttp","SUSE Manager Server 4.0:python-aiohttp-doc","SUSE Manager Server 4.0:python3-aiohttp","SUSE Manager Server 4.3:python-aiohttp","SUSE Manager Server 4.3:python311-aiohttp"],"recommended":["SUSE Linux Enterprise Desktop 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 16.0:python313-aiohttp-3.11.16-160000.2.2","SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","openSUSE Leap 15.5:python311-aiohttp-3.8.6-150400.10.11.1"]},"references":[{"category":"external","summary":"CVE-2023-49082","url":"https://www.suse.com/security/cve/CVE-2023-49082"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1217682 for CVE-2023-49082","url":"https://bugzilla.suse.com/1217682"},{"category":"external","summary":"Advisory link for SUSE-SU-2024:0168-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2024-January/017713.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Desktop 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 16.0:python313-aiohttp-3.11.16-160000.2.2","SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","openSUSE Leap 15.5:python311-aiohttp-3.8.6-150400.10.11.1"]}],"scores":[{"cvss_v3":{"baseScore":5.9,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Desktop 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Desktop 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise High Performance Computing 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Module for Python 3 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server 16.0:python313-aiohttp-3.11.16-160000.2.2","SUSE Linux Enterprise Server for SAP Applications 15 SP5:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP6:python311-aiohttp-3.8.6-150400.10.11.1","SUSE Linux Enterprise Server for SAP Applications 15 SP7:python311-aiohttp-3.8.6-150400.10.11.1","openSUSE Leap 15.5:python311-aiohttp-3.8.6-150400.10.11.1"]}],"threats":[{"category":"impact","date":"2023-11-29T22:00:35Z","details":"moderate"}],"title":"CVE-2023-49082"}]}