Количество 6
Количество 6
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch.
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch.
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch.
CVE-2024-52303
aiohttp is an asynchronous HTTP client/server framework for asyncio an ...
GHSA-27mf-ghqm-j3j8
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
BDU:2024-10293
Уязвимость HTTP-клиента aiohttp, связанная с неосвобождением ресурса после истечения действительного срока его эксплуатирования, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-52303 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-52303 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
 | CVE-2024-52303 aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
| CVE-2024-52303 aiohttp is an asynchronous HTTP client/server framework for asyncio an ... | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
| GHSA-27mf-ghqm-j3j8 aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
 | BDU:2024-10293 Уязвимость HTTP-клиента aiohttp, связанная с неосвобождением ресурса после истечения действительного срока его эксплуатирования, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
Уязвимостей на страницу