MEDIUM

GHSA-w2fm-2cpv-w7v5

aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage

Details

### Summary

Insufficient restrictions in header/trailer handling could cause uncapped memory usage.

### Impact

An application could exhaust memory when receiving an attacker-controlled request or response. A vulnerable web application could mitigate these risks with a typical reverse proxy configuration.

-----

Patch: https://github.com/aio-libs/aiohttp/commit/0c2e9da51126238a421568eb7c5b53e5b5d17b36


Affected packages

PyPI / aiohttp
First affected version: 0 Fixed version: 3.13.4
Fix: pip install --upgrade 'aiohttp>=3.13.4'
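
To find where the affected range above still applies, the following added example (not part of the advisory or of aiohttp) audits a requirements file for aiohttp pins below 3.13.4. The sample file contents and the function names `classify` and `audit` are constructed for illustration.

```python
import re

FIXED = (3, 13, 4)  # first fixed aiohttp release, per the advisory

# Constructed sample requirements file for illustration only.
SAMPLE_REQUIREMENTS = """\
# web stack
aiohttp==3.9.5
AioHTTP[speedups]==3.13.4  # extras and case must not hide the pin
aiohttp>=3.8
aiohttp-cors==0.7.0
aiohttp==3.13.4rc1
"""

# Package name, optional extras, then the version specifier up to a comment/marker.
_REQ = re.compile(r"^\s*aiohttp(?![\w.-])\s*(?:\[[^\]]*\])?\s*([^#;]*)", re.I)
_PIN = re.compile(r"^===?\s*(\d+(?:\.\d+)*)(.*)$")
_PRE = re.compile(r"^[.\-_]?(?:a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)


def classify(line):
    """Return None for other packages, else 'affected', 'fixed' or 'unpinned'."""
    req = _REQ.match(line)
    if not req:
        return None
    pin = _PIN.match(req.group(1).strip())
    if not pin or "*" in pin.group(2):
        return "unpinned"  # ranges/wildcards: resolved version depends on the installer
    release = tuple(int(p) for p in pin.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))  # 3.13 -> 3.13.0
    if release == FIXED and _PRE.match(pin.group(2).strip()):
        return "affected"  # 3.13.4rc1 sorts before the 3.13.4 release
    return "fixed" if release >= FIXED else "affected"


def audit(text):
    """Return (line_number, requirement, verdict) for every aiohttp line."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        verdict = classify(line)
        if verdict:
            findings.append((number, line.strip(), verdict))
    return findings


if __name__ == "__main__":
    for number, requirement, verdict in audit(SAMPLE_REQUIREMENTS):
        print(f"line {number}: {verdict:9} {requirement}")
```

Lines reported as `unpinned` need a check of the version actually installed, since a range such as `>=3.8` can resolve to either side of 3.13.4.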
