EUVD-2024-0187

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2024-49768

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, follow...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

Amazon Linux 2023 : python3-waitress (ALAS2023-2024-773)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-773 advisory. Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

waitress: python-waitress: request processing race condition in HTTP pipelining with invalid first request

A flaw was found in the Waitress WSGI server for Python. A remote client can send a request that is exactly recvbytes, which defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default, Waitress won't read any more requests, and when th...

HTTP Request Smuggling (HRS)

Waitress is vulnerable to HTTP Request Smuggling HRS. The vulnerability is due to improper handling of request lookahead and parsing in HTTP pipelining. When request lookahead is enabled, the server processes the first request, but due to a race condition, it may start handling the second request...

AZL-57396 CVE-2024-49768 affecting package python-waitress 3.0.1-1

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

CVE-2024-49768

Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recvbytes defaults to 8192 long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled default we won't read any more requests, and when the...

PT-2024-9201

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 3.0.1 Description: The issue is related to a race condition in the Waitress WSGI server for Python, which can be exploited by a remote client sending a request that is exactly recv bytes defaults to 8192 long,...