UNKNOWN PyPI
AIOHTTP vulnerable to denial of service through large payloads
GHSA-6jhg-hg63-jvvf · CVE-2025-69228
Published · Modified
Description
Summary
A request can be crafted in such a way that an aiohttp server's memory fills up uncontrollably during processing.
Impact
If an application includes a handler that uses the Request.post() method, an attacker may be able to freeze the server by exhausting the memory.
Patch: https://github.com/aio-libs/aiohttp/commit/b7dbd35375aedbcd712cbae8ad513d56d11cce60
Ready to move
Start Securing
Free, no credit card | First findings in minutes