PT-2022-4665 · Crow · Crow

Name of the Vulnerable Software and Affected Versions: Crow versions through 1.0+4 Description: The issue is related to HTTP applications based on Crow, where the use of HTTP pipelining can lead to a Use-After-Free condition, potentially allowing code execution. This occurs because the asynchrono...

GHSA-M5FF-3WJ3-8PH4 HTTP Request Smuggling: Invalid whitespace characters in headers in Waitress

Impact If a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress leading to a potential for HTTP request smuggling. Content-Length: 10 Transfer-Encoding: \x0bchunked For clarity: 0x0b == vertical...