Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AIOHTTP vulnerable to DoS when bypassing asserts
Vulnerability Description
AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message. This issue is fixed in version 3.13.3.
CVSS Information
N/A
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
aiohttp 安全漏洞
Vulnerability Description
aiohttp是aio-libs开源的一个开源的用于 asyncio 和 Python 的异步 HTTP 客户端/服务器框架。 aiohttp 3.13.2及之前版本存在安全漏洞,该漏洞源于绕过断言语句可能导致无限循环,可能导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A