2 matches found
CVE-2026-54278
CVE-2026-54278 affects the AIOHTTP framework for Python. Prior to 3.14.1, during cleanup a compressed request body could be decompressed in memory in one chunk, potentially enabling a DoS via a zip-bomb scenario. Impact is described as high for availability and no confidentiality/integrity impact...
GHSA-G3CQ-J2XW-WF74 aiohttp: Unread Compressed Request Bodies Bypass client_max_size During Cleanup
Summary During cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. Impact An attacker may be able to send a compressed payload in specific situations that could be decompressed into memory, potentially leading to DoS a zip bomb edge case. Workaround...