aiohttp 安全漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from reading multiple invalid cookies may result in a log storm that could lead to a denial of...

aiohttp 安全漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python from aio-libs open source. A security vulnerability exists in aiohttp 3.13.2 and earlier versions, which stems from a specially crafted request that can cause the server to run out of memory, potentially...

Linux Distros Unpatched Vulnerability : CVE-2025-69225

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals t...

Linux Distros Unpatched Vulnerability : CVE-2025-69230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a...

Linux Distros Unpatched Vulnerability : CVE-2025-69228

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an...

Linux Distros Unpatched Vulnerability : CVE-2025-69224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smugglin...

CVE-2025-69230 AIOHTTP Vulnerable to Cookie Parser Warning Storm

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVE-2025-69230 AIOHTTP Vulnerable to Cookie Parser Warning Storm

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVE-2025-69230

CVE-2025-69230 affects the AIOHTTP project (async HTTP client/server for asyncio and Python). In versions 3.13.2 and earlier, reading multiple invalid cookies can trigger a storm of warning-level logs when a malicious Cookie header is crafted. The issue is fixed in version 3.13.3. Impact is descr...

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVE-2025-69229

CVE-2025-69229 affects aiohttp up to version 3.13.2, where chunked message handling can cause excessive blocking CPU time when processing many chunks, potentially enabling DoS. The issue is fixed in version 3.13.3. Remediation: upgrade to 3.13.3 or newer. Notes from connected docs confirm the DoS...

CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVE-2025-69229 AIOHTTP vulnerable to DoS through chunked messages

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

CVE-2025-69228 AIOHTTP vulnerable to denial of service through large payloads

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...