CVE-2022-40899

🗓️ 22 Dec 2022 00:00:00Reported by mitreType

An issue in Python Charmers Future 0.18.2 allows remote attackers to cause a denial of service via crafted Set-Cookie header

Reporter	Title	Published	Views	Family All 75
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in Python Charmers Future (CVE-2022-40899)	31 Mar 202317:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	20 Jun 202304:41	–	ibm
Tenable Nessus	Amazon Linux 2023 : python3-future (ALAS2023-2023-173)	3 May 202300:00	–	nessus
Tenable Nessus	Dell PowerScale OneFS Multiple Vulnerabilities (DSA-2025-208)	26 Jan 202600:00	–	nessus
Tenable Nessus	RHEL 8 : RHUI 4.4.0 - Security Fixes, Bug Fixes, and Enhancements Update (Moderate) (RHSA-2023:2101)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : Satellite 6.13.3 Async Security Update (Important) (RHSA-2023:4466)	28 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 8 : Satellite 6.14 (RHSA-2023:6818)	29 Apr 202400:00	–	nessus
Tenable Nessus	RHEL 7 : future (Unpatched Vulnerability)	3 Jun 202400:00	–	nessus
Tenable Nessus	Rocky Linux 8 : Satellite 6.14 (RLSA-2023:6818)	11 Nov 202300:00	–	nessus
Tenable Nessus	Splunk Enterprise 8.2.0 < 8.2.12, 9.0.0 < 9.0.6, 9.1.0 < 9.1.1 (SVD-2023-0808)	2 May 202400:00	–	nessus

NVD

Node

Source	Link
github	www.github.com/python/cpython/pull/17157
pyup	www.pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
github	www.github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.py
pypi	www.pypi.org/project/future/
github	www.github.com/PythonCharmers/python-future/pull/610

15 Apr 2025 16:15Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.5

EPSS0.00427

SSVC