Skip to content

DoS when bypassing asserts

High
Dreamsorcerer published GHSA-jj3x-wxrx-4x23 Jan 5, 2026

Package

pip aiohttp (pip)

Affected versions

<=3.13.2

Patched versions

3.13.3

Description

Summary

When assert statements are bypassed, an infinite loop can occur, resulting in a DoS attack when processing a POST body.

Impact

If optimisations are enabled (-O or PYTHONOPTIMIZE=1), and the application includes a handler that uses the Request.post() method, then an attacker may be able to execute a DoS attack with a specially crafted message.

Patch: bc1319e

Severity

High

CVE ID

CVE-2025-69227

Weaknesses

No CWEs

Credits