You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.
Mend Note: The vulnerability was fixed in version 3.9.4 (unaffected). A few minor follow-up patches were added in 3.9.5, as stated in GHSA-5m98-qgg9-wh84.
CVE-2024-30251 - High Severity Vulnerability
Async http client/server framework (asyncio)
Library home page: https://files.pythonhosted.org/packages/88/c0/5890b4c8b04a79b7360e8fe4490feb0bb3ab179743f199f0e6220cebd568/aiohttp-3.7.4.post0-cp37-cp37m-manylinux2014_x86_64.whl
Path to dependency file: /tmp/ws-scm/easycv
Path to vulnerable library: /easycv
Dependency Hierarchy:
Found in base branch: master
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In affected versions an attacker can send a specially crafted POST (multipart/form-data) request. When the aiohttp server processes it, the server will enter an infinite loop and be unable to process any further requests. An attacker can stop the application from serving requests after sending a single request. This issue has been addressed in version 3.9.4. Users are advised to upgrade. Users unable to upgrade may manually apply a patch to their systems. Please see the linked GHSA for instructions.
Mend Note: The vulnerability was fixed in version 3.9.4 (unaffected). A few minor follow-up patches were added in 3.9.5, as stated in GHSA-5m98-qgg9-wh84.
Publish Date: 2024-05-02
URL: CVE-2024-30251
Base Score Metrics:
Type: Upgrade version
Origin: GHSA-5m98-qgg9-wh84
Release Date: 2024-05-02
Fix Resolution: 3.9.4
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: