2 matches found
PT-2026-49587
Name of the Vulnerable Software and Affected Versions: AIOHTTP versions prior to 3.14.1
Description: AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. The software lacked a limit on the number of pipelined requests that could be queued. An attacker could exploit this b...
AZL-31660 CVE-2023-39325 affecting package skopeo for versions less than 1.12.0-4
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...