DirectorySecurity Advisories
Sign In
Security Advisories

CGA-48j3-hqpv-g3q7

Published

Last updated

https://images.chainguard.dev/security/CGA-48j3-hqpv-g3q7
Package

py3-aiohttp

Latest Update
Fixed
Fixed Version

3.10.11-r0

Aliases
  • CVE-2024-52303
  • GHSA-27mf-ghqm-j3j8

Severity

7.5

High

CVSS V3

Summary

aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method

Description

Summary

A memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry.

Impact

If the user is making use of any middlewares with aiohttp.web then it is advisable to upgrade immediately.

An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests.


Patch: https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images