LOW

GHSA-2fqr-mr3j-6wp8

aiohttp: Host-Only Cookies Become Domain Cookies After CookieJar Persistence

Details

### Summary

Host-only cookies that are saved with ``CookieJar.save()`` and then restored later with ``CookieJar.load()`` lose their host-only status.

### Impact

Host-only cookies that have been loaded from disk may get sent to subdomains that previously should have been disallowed.
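The behaviour described above, modelled with the standard library only, as an added example (not aiohttp's code and not part of the advisory): a cookie store that honours the RFC 6265 host-only flag, a persistence format that drops the flag, and a round-trip check that catches the change in scope. The `Cookie` class, the function names, the JSON format and the sample hosts are assumptions made for illustration.

```python
import json
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str      # host the cookie was set by, or its Domain attribute
    host_only: bool  # RFC 6265 host-only-flag: True when Set-Cookie had no Domain

def domain_match(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching (IP-address case omitted)."""
    return host == domain or host.endswith("." + domain)

def cookies_for(jar, host):
    """Names of the cookies a client would attach to a request for `host`."""
    return [c.name for c in jar
            if (host == c.domain if c.host_only else domain_match(host, c.domain))]

def save_lossy(jar) -> str:
    # Models the flaw: the persisted record has no host-only field.
    return json.dumps([{"name": c.name, "value": c.value, "domain": c.domain}
                       for c in jar])

def save_full(jar) -> str:
    # Persists every field, including the host-only flag.
    return json.dumps([asdict(c) for c in jar])

def load(blob: str):
    # A record without the flag is restored as a domain cookie (the unsafe direction).
    return [Cookie(r["name"], r["value"], r["domain"], r.get("host_only", False))
            for r in json.loads(blob)]

def roundtrip_preserves_scope(save, jar, hosts) -> bool:
    """Regression check: each host receives the same cookies before and after persistence."""
    restored = load(save(jar))
    return all(cookies_for(jar, h) == cookies_for(restored, h) for h in hosts)

# Constructed sample data: one host-only cookie and one domain cookie.
JAR = [Cookie("session", "constructed-value", "example.com", True),
       Cookie("prefs", "dark", "example.com", False)]
HOSTS = ["example.com", "api.example.com", "example.org"]

if __name__ == "__main__":
    print("before save:", cookies_for(JAR, "api.example.com"))
    print("after lossy load:", cookies_for(load(save_lossy(JAR)), "api.example.com"))
    print("lossy format keeps scope:", roundtrip_preserves_scope(save_lossy, JAR, HOSTS))
    print("full format keeps scope:", roundtrip_preserves_scope(save_full, JAR, HOSTS))
```

The same round-trip comparison, run against a subdomain of each stored cookie's host, is a useful regression test for any client that persists its cookie store.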

-----

Patch: https://github.com/aio-libs/aiohttp/commit/a329a7aacad5284f087af36103aff778746da0f2

Affected packages

PyPI / aiohttp
Introduced in: 0
Fixed in: 3.14.1
Fix: pip install --upgrade 'aiohttp>=3.14.1'
