2 matches found
CVE-2026-54278
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...
PT-2026-49592
Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description During cleanup, a compressed request body can be decompressed into memory in a single chunk. An attacker may send a compressed payload in specific situations that could be decompressed into memory,...