waitress
PyPI | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting waitress
- CVE-2019-16785 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 1.4.0 | 2019-12-20
  - Vulnerable: 0.1 ... 1.3.1 (37 versions)
  - Waitress through version 1.3.1 implemented a "MAY" part of RFC 7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ig…
- CVE-2019-16786 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 1.3.1 | 2019-12-20
  - Vulnerable: 0.1 ... 1.3.0 (36 versions)
  - Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked it would fall through and use the Content-Length header instead. According to the HTTP standard …
- CVE-2019-16789 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 1.4.1 | 2019-12-26
  - Vulnerable: 0.1 ... 1.4.0 (38 versions)
  - In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress, leading to a potential for HTTP request smu…
- CVE-2019-16792 | HIGH | CVSS 7.1 | EG 7.1 | Fixed in 1.4.0 | 2020-01-22
  - Vulnerable: 0.1 ... 1.3.1 (37 versions)
  - Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header-fold a double Content-Length header and, due to being unable to cast the now comma-separated value to an integer, would…
- CVE-2020-5236 | MEDIUM | CVSS 5.7 | EG 5.7 | Fixed in 1.4.3 | 2020-02-04
  - Vulnerable: 0.1 ... 1.4.2 (40 versions)
  - Waitress version 1.4.2 allows a DoS attack when waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically …
- CVE-2022-24761 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 2.1.1 | 2022-03-17
  - Vulnerable: 0.1 ... 2.1.0b0 (47 versions)
  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate that the incoming HTTP request matches the RFC 7230 standard, Waitress and the fron…
- CVE-2022-31015 | MEDIUM | CVSS 6.5 | EG 6.5 | Fixed in 2.1.2 | 2022-05-31
  - Vulnerable: 2.1.0, 2.1.1
  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread…
- CVE-2024-49768 | CRITICAL | CVSS 9.1 | EG 9.1 | Fixed in 3.0.1 | 2024-10-29
  - Vulnerable: 2.0.0 ... 3.0.0 (6 versions)
  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is d…
- CVE-2024-49769 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 3.0.1 | 2024-10-29
  - Vulnerable: 0.1 ... 3.0.0 (50 versions)
  - Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the …