CVE-2024-30251

About this tag
CVE-2024-30251 is a critical denial-of-service vulnerability in the aiohttp Python HTTP framework, a widely used library for building asynchronous web services. The flaw allows a remote, unauthenticated attacker to crash an application by sending a single specially crafted multipart/form-data POST request, exploiting an infinite-loop condition in the multipart parsing code. This can render a server unavailable until it is restarted or patched. The vulnerability is fixed in aiohttp version 3.9.4. For developers and operators hosting Python async web services, this represents an immediate availability risk that requires upgrading to the patched version.
  1. Aiohttp DoS CVE-2024-30251: Upgrade to 3.9.4 to Restore Availability

    A critical denial‑of‑service vulnerability in the widely used Python HTTP framework aiohttp lets a remote, unauthenticated attacker stop an application from serving requests by sending a single specially crafted multipart/form-data POST. The flaw — tracked as CVE‑2024‑30251 and fixed in aiohttp...