A memory leak can occur when a request produces a MatchInfoError
. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError
producing a unique cache entry.
If the user is making use of any middlewares with aiohttp.web
then it is advisable to upgrade immediately.
An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests.
Patch: https://github.com/aio-libs/aiohttp/commit/bc15db61615079d1b6327ba42c682f758fa96936
{ "nvd_published_at": "2024-11-18T20:15:06Z", "cwe_ids": [ "CWE-772" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-18T21:02:17Z" }