You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
aiohttp: HTTP/1 Pipelined Requests Queue Without Limit
Moderate severity
GitHub Reviewed
Published
Jun 8, 2026
in
aio-libs/aiohttp
•
Updated Jun 15, 2026
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Learn more on MITRE.
Summary
No limit was present on the number of pipelined requests that could be queued.
Impact
An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS.
Patch: aio-libs/aiohttp@dfdfa9d
References