SES · CVE-2025-32792
**Name of the Vulnerable Software and Affected Versions**
SES versions prior to 1.12.0
**Description**
The issue arises when using the SES and Compartment API to evaluate third-party code in an isolated environment. In versions prior to 1.12.0, top-level `let`, `const`, and `class` bindings in `<script>` tags are inadvertently revealed in the lexical scope of third-party code. This is due to the way these bindings are handled in the global scope.
**Recommendations**
For versions prior to 1.12.0, consider updating to version 1.12.0 to resolve the issue.
As a temporary workaround, avoid using top-level `let`, `const`, or `class` bindings in `<script>` tags.
Alternatively, change top-level `let`, `const`, or `class` bindings to `var` bindings to prevent them from being reflected on `globalThis`.