cve 2024 30251
About this tag
CVE-2024-30251 is a critical denial-of-service vulnerability in the aiohttp Python HTTP framework, a widely used library for building asynchronous web services. The flaw allows a remote, unauthenticated attacker to crash an application by sending a single specially crafted multipart/form-data POST request, exploiting an infinite-loop condition in the multipart parsing code. This can render a server unavailable until it is restarted or patched. The vulnerability is fixed in aiohttp version 3.9.4. For developers and operators hosting Python async web services, this represents an immediate availability risk that requires upgrading to the patched version.
A critical denial‑of‑service vulnerability in the widely used Python HTTP framework aiohttp lets a remote, unauthenticated attacker stop an application from serving requests by sending a single specially crafted multipart/form-data POST. The flaw — tracked as CVE‑2024‑30251 and fixed in aiohttp...