CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223 AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

CVE-2025-69223

CVE-2025-69223 affects AIOHTTP (async HTTP framework for asyncio/Python). Version 3.13.2 and earlier are vulnerable to a zip bomb that, when decompressed by the server, can exhaust memory and cause a DoS. The issue is resolved in version 3.13.3. In practice, an attacker could send a compressed re...

PT-2026-1351

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue where versions 3.13.2 and below allow an attacker to determine the existence of absolute path components...

PT-2026-1354

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below are susceptible to a denial of service condition. An attacker can craft a request that caus...

aiohttp 信息泄露漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. An information disclosure vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from path normalization logic that may disclose absolute path component information,...

PT-2026-1357

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Accessing the cookies attribute in an application with versions 3.13.2 and below can lead to a logging storm when...

PT-2026-1350

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, has an issue in its parser logic. The parser allows non-ASCII decimals to be present in the Range header. This could...

PT-2026-1349

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, may be susceptible to a request smuggling attack when using versions 3.13.2 and below. This issue arises from the...

aiohttp 环境问题漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. An environment issue vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from the presence of non-ASCII characters that could allow a request entrapment attac...

PT-2026-1353

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. When optimizations are enabled using -O or PYTHONOPTIMIZE=1, and an...

PT-2026-1348

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP, an asynchronous HTTP client/server framework for asyncio and Python, is susceptible to a denial-of-service DoS attack. An attacker can send a compressed request, specifically a zip bomb,...

PT-2026-1355

Name of the Vulnerable Software and Affected Versions AIOHTTP versions 3.13.2 and below Description AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Handling of chunked messages in versions 3.13.2 and below can lead to excessive blocking CPU usage when receiving a...

aiohttp 安全漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from a zip bomb that can cause the server to run out of memory, potentially leading to a denial-of-service...

Security Bulletin: Vulnerability in AIOHTTP affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in AIOHTTP has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

Low: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.0.7

Red Hat OpenShift Service Mesh 3.0.7 Red Hat OpenShift Service Mesh 3.0.7, which is based on the open source Istio project, addresses a variety of problems in a microservice architecture by creating a centralized point of control in an application. Security Fixes: istio-proxyv2-rhel9: AIOHTTP is...