AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the hosts memory. This issue is fixed in version 3.13.3.
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.