Is CVE-2023-47627 actively exploited?

CVE-2023-47627 has no public evidence of in-the-wild exploitation as of 2025-11-03.

What is the CVSS score for CVE-2023-47627?

CVE-2023-47627 has a CVSS score of 5.3 (MEDIUM severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

How do I patch CVE-2023-47627?

Patch guidance is available from aiohttp security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-47627.

CVE-2023-47627 - remediation guidance & executive summary

Description

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. The HTTP parser in AIOHTTP has numerous problems with header parsing, which could lead to request smuggling. This parser is only used when AIOHTTP_NO_EXTENSIONS is enabled (or not using a prebuilt wheel). These bugs have been addressed in commit `d5c12ba89` which has been included in release version 3.8.6. Users are advised to upgrade. There are no known workarounds for these issues.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: none
Integrity: low
Availability: none
Weaknesses: CWE-444

Metadata

Primary Vendor: AIOHTTP
Published: 11/14/2023
Last Modified: 11/3/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

aiohttp : aiohttp

Remediation Guidance

Executive Summary

Cite this page

CVE-2023-47627. CVEDatabase.com. Retrieved 1 May 2026. https://cvedatabase.com/cve/CVE-2023-47627

View on NIST NVD

CVE-2023-47627 vulnerability