aiohttp version has multiple CVEs
AlaricWhitney opened this issue
Alaric Whitney commented
Issue Summary
The aiohttp version currently used (3.8.4) has multiple security vulnerabilities with open CVEs:
- https://nvd.nist.gov/vuln/detail/CVE-2024-23334
- https://nvd.nist.gov/vuln/detail/CVE-2024-23829
- https://nvd.nist.gov/vuln/detail/CVE-2023-49082
- https://nvd.nist.gov/vuln/detail/CVE-2024-23334
aiohttp needs to be upgraded to at least 3.9.2 to resolve the issue.
Steps to Reproduce
Code Snippet
https://github.com/twilio/twilio-python/blob/main/setup.py#L26
Exception/Log
Technical details:
- twilio-python version: 9.0.2
- python version: 3.7
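
As an added example (not part of the issue or of twilio-python's code): a check that flags requirement strings whose lower bound still lets a resolver install an aiohttp release below 3.9.2, the minimum the issue names. The requirement strings are constructed samples and the helper names are hypothetical.

```python
import re

# Minimum aiohttp release the issue above says is needed.
FIXED_FLOOR = (3, 9, 2)

# One specifier clause such as ">=3.8.4"; plain release numbers only.
_CLAUSE = re.compile(r"^(>=|<=|==|~=|!=|>|<)\s*(\d+(?:\.\d+)*)$")


def _parse_version(text):
    """Turn '3.8.4' into (3, 8, 4), padding short versions with zeros."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def lower_bound(requirement):
    """Return the highest lower bound in a requirement, or None if there is none.

    Pre-release tags, wildcards, extras and environment markers are out of scope.
    """
    spec = re.match(r"^\s*[A-Za-z0-9_.-]+\s*(.*)$", requirement).group(1)
    bounds = []
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        parsed = _CLAUSE.match(clause)
        if parsed is None:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, version = parsed.groups()
        # '>' is treated like '>=': '>3.9.1' still admits e.g. 3.9.1.1,
        # so only a bound at or above the floor counts as safe.
        if op in (">=", "==", "~=", ">"):
            bounds.append(_parse_version(version))
    return max(bounds) if bounds else None


def admits_vulnerable(requirement, floor=FIXED_FLOOR):
    """True if the requirement allows a release below the fixed floor."""
    bound = lower_bound(requirement)
    return bound is None or bound < floor


if __name__ == "__main__":
    # Constructed sample requirement strings, not copied from any setup.py.
    samples = ["aiohttp>=3.8.4", "aiohttp==3.8.4", "aiohttp<4",
               "aiohttp>=3.9.2,<4", "aiohttp~=3.9.2"]
    for req in samples:
        verdict = "ALLOWS < 3.9.2" if admits_vulnerable(req) else "ok"
        print(f"{req:22} {verdict}")
```
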