GHSA-rwqr-c348-m5wr: Denial of Service in aiohttp
aiohttp v3.8.1 was discovered to contain an invalid IPv6 URL which can lead to a Denial of Service (DoS).
Moderate severity GitHub Reviewed Published Jun 24, 2022 • Updated Jun 25, 2022
Package: aiohttp (pip)
Affected versions: <= 3.8.1
Related news
CVE-2022-33124: Invalid IPv6 URL · Issue #6772 · aio-libs/aiohttp
** DISPUTED ** AIOHTTP 3.8.1 can report a "ValueError: Invalid IPv6 URL" outcome, which can lead to a Denial of Service (DoS). NOTE: multiple third parties dispute this issue because there is no example of a context in which denial of service would occur, and many common contexts have exception handling in the calling application.
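The exception handling in the calling application that the dispute note refers to can look like the following added example, which is not code from the advisory or from aiohttp. It uses only Python's standard `urllib.parse.urlsplit`, which raises `ValueError: Invalid IPv6 URL` for an unbalanced bracket in the host; `check_untrusted_url`, `triage` and the sample URLs are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def check_untrusted_url(raw):
    """Return (ok, detail) for a URL from untrusted input; never raises."""
    try:
        parts = urlsplit(raw)   # ValueError("Invalid IPv6 URL") on unbalanced [ ]
        host = parts.hostname
        parts.port              # ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https"):
        return False, f"unsupported scheme: {parts.scheme!r}"
    if not host:
        return False, "missing host"
    # Older Python versions accept any text between brackets, so validate a
    # bracketed host as an IPv6 literal explicitly (zone id stripped first).
    if parts.netloc.rpartition("@")[2].startswith("["):
        try:
            ipaddress.IPv6Address(host.split("%", 1)[0])
        except ValueError:
            return False, f"invalid IPv6 literal: {host!r}"
    return True, host


# Constructed sample inputs, as they might arrive in a request parameter.
SAMPLES = [
    "http://[::1]:8080/health",
    "http://[::1/health",          # missing closing bracket
    "http://[zzz]/",               # brackets balanced, content not IPv6
    "https://example.com/",
    "http://example.com:99999/",   # port out of range
]


def triage(samples):
    """Map each raw URL to its (ok, detail) verdict so rejects can be logged."""
    return {raw: check_untrusted_url(raw) for raw in samples}


if __name__ == "__main__":
    for raw, (ok, detail) in triage(SAMPLES).items():
        print("ACCEPT" if ok else "REJECT", raw, "->", detail)
```

Rejecting the input at this boundary turns a malformed URL into a logged validation failure instead of an unhandled exception in the request path.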