LOW

GHSA-fh55-r93g-j68g

AIOHTTP Vulnerable to Cookie Parser Warning Storm

Details

### Summary

Reading multiple invalid cookies can lead to a logging storm.

### Impact

If the ``cookies`` attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs using a specially crafted Cookie header.

----

Patch: https://github.com/aio-libs/aiohttp/commit/64629a0834f94e46d9881f4e99c41a137e1f3326


Affected packages

PyPI / aiohttp
Introduced in: 0
Fixed in: 3.13.3
Fix: `pip install --upgrade 'aiohttp>=3.13.3'`
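
Until a deployment is on the fixed release, the warning volume described under Impact can be capped with a standard `logging` filter. This is an added example, not aiohttp's code or the upstream patch; the class and function names, the thresholds, and the assumption that the cookie warnings are emitted on the `aiohttp.internal` logger are not from the advisory.

```python
import logging
import time


class WarningBurstFilter(logging.Filter):
    """Pass at most `burst` WARNING records per `window` seconds."""

    def __init__(self, burst=5, window=60.0, clock=time.monotonic):
        super().__init__()
        self.burst, self.window, self.clock = burst, window, clock
        self.window_start = clock()
        self.seen = 0        # warnings observed in the current window
        self.suppressed = 0  # warnings dropped in the current window

    def filter(self, record):
        if record.levelno != logging.WARNING:
            return True  # errors and other levels are never throttled
        now = self.clock()
        if now - self.window_start >= self.window:
            if self.suppressed:
                # Surface the dropped count on the first warning of the new window.
                record.msg = (f"{record.getMessage()} "
                              f"[{self.suppressed} similar warnings suppressed]")
                record.args = ()
            self.window_start, self.seen, self.suppressed = now, 0, 0
        self.seen += 1
        if self.seen > self.burst:
            self.suppressed += 1
            return False
        return True


def install(logger_name="aiohttp.internal", **limits):
    # Assumption: the cookie-parser warnings are emitted on this logger.
    # Logger-level filters only see records logged directly on that logger.
    burst_filter = WarningBurstFilter(**limits)
    logging.getLogger(logger_name).addFilter(burst_filter)
    return burst_filter


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    flt = install(burst=3, window=10.0)
    log = logging.getLogger("aiohttp.internal")
    for i in range(1000):  # constructed stand-in for one crafted request
        log.warning("constructed invalid-cookie warning %d", i)
    print(f"suppressed {flt.suppressed} of 1000 warnings")
```

The filter bounds log volume only; upgrading to the fixed version remains the remediation.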
