chore(deps-dev): bump aiohttp from 3.12.15 to 3.13.2

4e9beb4
Closed

chore(deps-dev): bump aiohttp from 3.12.15 to 3.13.2 #1382

Microsoft GitHub Policy Service / GitOps/AdvancedSecurity failed Apr 10, 2026 in 0s

Dependency Review

Dependency review detected vulnerable

Details

Dependency review summary

We have found 18 vulnerable package(s).

Vulnerability

Vulnerabilities were filtered by minimum severity Moderate.

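| Dependency | File Name | Version | Vulnerability | Severity |
| --- | --- | --- | --- | --- |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP's HTTP Parser auto_decompress feature is vulnerable to zip bomb | High |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP accepts duplicate Host headers | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP has a Multipart Header Size Bypass | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | aiohttp allows unlimited trailer headers, leading to possible uncapped memory usage | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP vulnerable to DoS through chunked messages | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP vulnerable to denial of service through large payloads | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP vulnerable to DoS when bypassing asserts | Moderate |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP Vulnerable to Cookie Parser Warning Storm | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP Affected by Denial of Service (DoS) via Unbounded DNS Cache in TCPConnector | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP has CRLF injection through multipart part content type header construction | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP vulnerable to brute-force leak of internal static file path components | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP has unicode match groups in regexes for ASCII protocol elements | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP has late size enforcement for non-file multipart fields causes memory DoS | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP leaks Cookie and Proxy-Authorization headers on cross-origin redirect | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP has HTTP response splitting via \r in reason phrase | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP's C parser (llhttp) accepts null bytes and control characters in response header values - header injection/security bypass | Low |
| aiohttp | requirements-dev.txt | 3.13.2 | AIOHTTP's unicode processing of header values could cause parsing discrepancies | Low |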