MEDIUM

GHSA-4fvr-rgm6-gqmc

aiohttp: HTTP/1 Pipelined Requests Queue Without Limit

Details

### Summary

No limit was present on the number of pipelined requests that could be queued.

### Impact

An attacker may be able to send pipelined requests that consume excessive amounts of memory, potentially leading to denial of service (DoS).
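The kind of bound the summary says was missing, sketched as an added example (this is not aiohttp's code or its patch): a parser that stops queueing pipelined requests at a cap and pauses the transport so TCP flow control pushes back on the sender. `BoundedPipeline`, `FakeTransport`, `demo` and the cap of 4 are hypothetical names and values; requests are assumed to carry no body.

```python
from collections import deque

MAX_QUEUED = 4  # assumed cap for illustration, not a value taken from aiohttp

class FakeTransport:
    """Constructed stand-in for asyncio.Transport flow control."""
    def __init__(self):
        self.reading = True
    def pause_reading(self):
        self.reading = False
    def resume_reading(self):
        self.reading = True

class BoundedPipeline:
    """Hypothetical parser that queues pipelined requests up to a fixed cap."""
    def __init__(self, transport, limit=MAX_QUEUED):
        self.transport, self.limit = transport, limit
        self.queue, self.buffer = deque(), b""

    def data_received(self, data):
        self.buffer += data
        self._fill()

    def _fill(self):
        # Parse only while below the cap; unparsed bytes stay in the buffer.
        while len(self.queue) < self.limit:
            head, sep, rest = self.buffer.partition(b"\r\n\r\n")
            if not sep:
                break
            self.queue.append(head.split(b"\r\n", 1)[0].decode("latin-1"))
            self.buffer = rest
        if len(self.queue) >= self.limit:
            # Stop reading so the kernel buffer fills and the sender is throttled.
            self.transport.pause_reading()

    def request_handled(self):
        self.queue.popleft()
        self._fill()
        if len(self.queue) < self.limit:
            self.transport.resume_reading()

def demo(n=100):
    """Feed n constructed requests; return (peak, handled, paused_at_cap, reading)."""
    transport = FakeTransport()
    pipe = BoundedPipeline(transport)
    pipe.data_received(b"".join(b"GET /%d HTTP/1.1\r\nHost: x\r\n\r\n" % i for i in range(n)))
    peak, handled, paused_at_cap = len(pipe.queue), 0, not transport.reading
    while pipe.queue:
        pipe.request_handled()
        handled += 1
        peak = max(peak, len(pipe.queue))
    return peak, handled, paused_at_cap, transport.reading
```

With 100 pipelined requests the queue depth never exceeds the cap, every request is still served, and reading resumes once the backlog drains.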

-----

Patch: https://github.com/aio-libs/aiohttp/commit/dfdfa9d5aad5d21f91c79fb2ceeba0f8046cb6cf


Affected packages

PyPI / aiohttp
Introduced in: 0
Fixed in: 3.14.1
Fix: `pip install --upgrade 'aiohttp>=3.14.1'`

References