Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/waitress@1.2.0b1
Type pypi
Namespace
Name waitress
Version 1.2.0b1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.0.1
Latest_non_vulnerable_version 3.0.1
Affected_by_vulnerabilities
0
url VCID-2tuq-pc83-cqe8
vulnerability_id VCID-2tuq-pc83-cqe8
summary Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked, it would fall through and use the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. Requests sent with "Transfer-Encoding: gzip, chunked" would incorrectly get ignored, and the request would use a Content-Length header instead to determine the body size of the HTTP message. This could allow for Waitress to treat a single request as multiple requests in the case of HTTP pipelining. This issue is fixed in Waitress 1.4.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0720
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0720
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16786.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16786.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16786
reference_id
reference_type
scores
0
value 0.00795
scoring_system epss
scoring_elements 0.74318
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16786
3
reference_url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
4
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
5
reference_url https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3
6
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-137.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-137.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1791415
reference_id 1791415
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1791415
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306
reference_id 947306
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16786
reference_id CVE-2019-16786
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16786
17
reference_url https://github.com/advisories/GHSA-g2xc-35jw-c63p
reference_id GHSA-g2xc-35jw-c63p
reference_type
scores
url https://github.com/advisories/GHSA-g2xc-35jw-c63p
18
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/waitress@1.3.1
purl pkg:pypi/waitress@1.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2tuq-pc83-cqe8
1
vulnerability VCID-3664-qefb-hkct
2
vulnerability VCID-5g9e-fz5j-5fg6
3
vulnerability VCID-9gra-5w8b-mfa2
4
vulnerability VCID-gnaw-ht2x-9bas
5
vulnerability VCID-ujpr-gc5n-s3bc
6
vulnerability VCID-zd7n-85nm-93cm
7
vulnerability VCID-zj3b-zzx3-nyam
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.3.1
1
url pkg:pypi/waitress@1.4.0
purl pkg:pypi/waitress@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
3
vulnerability VCID-zd7n-85nm-93cm
4
vulnerability VCID-zj3b-zzx3-nyam
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.0
aliases CVE-2019-16786, GHSA-g2xc-35jw-c63p, PYSEC-2019-137
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2tuq-pc83-cqe8
1
url VCID-3664-qefb-hkct
vulnerability_id VCID-3664-qefb-hkct
summary Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header-fold a double Content-Length header and, being unable to cast the now comma-separated value to an integer, would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16792
reference_id
reference_type
scores
0
value 0.00851
scoring_system epss
scoring_elements 0.75257
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16792
1
reference_url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
2
reference_url https://github.com/advisories/GHSA-j7j6-7hfx-5522
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-j7j6-7hfx-5522
3
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
4
reference_url https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65
5
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2020-178.yaml
reference_id
reference_type
scores
0
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2020-178.yaml
7
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
8
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16792
reference_id CVE-2019-16792
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16792
10
reference_url https://github.com/advisories/GHSA-4ppp-gpcr-7qf6
reference_id GHSA-4ppp-gpcr-7qf6
reference_type
scores
url https://github.com/advisories/GHSA-4ppp-gpcr-7qf6
fixed_packages
0
url pkg:pypi/waitress@1.4.0
purl pkg:pypi/waitress@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
3
vulnerability VCID-zd7n-85nm-93cm
4
vulnerability VCID-zj3b-zzx3-nyam
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.0
aliases CVE-2019-16792, GHSA-4ppp-gpcr-7qf6, GHSA-j7j6-7hfx-5522, PYSEC-2020-178
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3664-qefb-hkct
2
url VCID-5g9e-fz5j-5fg6
vulnerability_id VCID-5g9e-fz5j-5fg6
summary Waitress version 1.4.2 allows a DoS attack when Waitress receives a header that contains invalid characters. When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack, causing the process to use 100% CPU time and blocking any other interactions. This allows an attacker to send a single request with an invalid header and take the service offline. This issue was introduced in version 1.4.2 when the regular expression was updated to attempt to match the behaviour required by errata associated with RFC7230. The regular expression that is used to validate incoming headers has been updated in version 1.4.3; it is recommended that people upgrade to the new version of Waitress as soon as possible.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5236.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-5236.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-5236
reference_id
reference_type
scores
0
value 0.13332
scoring_system epss
scoring_elements 0.94306
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-5236
2
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
3
reference_url https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f
4
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2020-155.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2020-155.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1831068
reference_id 1831068
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1831068
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-5236
reference_id CVE-2020-5236
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-5236
8
reference_url https://github.com/advisories/GHSA-73m2-3pwg-5fgc
reference_id GHSA-73m2-3pwg-5fgc
reference_type
scores
url https://github.com/advisories/GHSA-73m2-3pwg-5fgc
fixed_packages
0
url pkg:pypi/waitress@1.4.3
purl pkg:pypi/waitress@1.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gnaw-ht2x-9bas
1
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.3
aliases CVE-2020-5236, GHSA-73m2-3pwg-5fgc, PYSEC-2020-155
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5g9e-fz5j-5fg6
3
url VCID-9gra-5w8b-mfa2
vulnerability_id VCID-9gra-5w8b-mfa2
summary Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR." Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0720
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0720
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16785.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16785.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16785
reference_id
reference_type
scores
0
value 0.01023
scoring_system epss
scoring_elements 0.77595
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16785
3
reference_url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
4
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
5
reference_url https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
6
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-136.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-136.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
13
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1791420
reference_id 1791420
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1791420
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306
reference_id 947306
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947306
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16785
reference_id CVE-2019-16785
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16785
17
reference_url https://github.com/advisories/GHSA-pg36-wpm5-g57p
reference_id GHSA-pg36-wpm5-g57p
reference_type
scores
url https://github.com/advisories/GHSA-pg36-wpm5-g57p
18
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/waitress@1.4.0
purl pkg:pypi/waitress@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
3
vulnerability VCID-zd7n-85nm-93cm
4
vulnerability VCID-zj3b-zzx3-nyam
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.0
aliases CVE-2019-16785, GHSA-pg36-wpm5-g57p, PYSEC-2019-136
risk_score 3.2
exploitability 0.5
weighted_severity 6.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9gra-5w8b-mfa2
4
url VCID-gnaw-ht2x-9bas
vulnerability_id VCID-gnaw-ht2x-9bas
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24761.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24761.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-24761
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52471
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-24761
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24761
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24761
3
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
4
reference_url https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
5
reference_url https://github.com/Pylons/waitress/releases/tag/v2.1.1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/releases/tag/v2.1.1
6
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-169.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-169.yaml
8
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
9
reference_url https://www.debian.org/security/2022/dsa-5138
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5138
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008013
reference_id 1008013
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008013
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2065086
reference_id 2065086
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2065086
12
reference_url https://security.archlinux.org/AVG-2723
reference_id AVG-2723
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2723
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-24761
reference_id CVE-2022-24761
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-24761
14
reference_url https://github.com/advisories/GHSA-4f7p-27jc-3c36
reference_id GHSA-4f7p-27jc-3c36
reference_type
scores
url https://github.com/advisories/GHSA-4f7p-27jc-3c36
15
reference_url https://access.redhat.com/errata/RHSA-2022:1253
reference_id RHSA-2022:1253
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1253
16
reference_url https://access.redhat.com/errata/RHSA-2022:1254
reference_id RHSA-2022:1254
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1254
17
reference_url https://access.redhat.com/errata/RHSA-2022:1264
reference_id RHSA-2022:1264
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1264
fixed_packages
0
url pkg:pypi/waitress@2.1.1
purl pkg:pypi/waitress@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r9h3-c2kh-a3ey
1
vulnerability VCID-trp4-phyv-bfb2
2
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.1
aliases CVE-2022-24761, GHSA-4f7p-27jc-3c36, PYSEC-2022-169
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnaw-ht2x-9bas
5
url VCID-ujpr-gc5n-s3bc
vulnerability_id VCID-ujpr-gc5n-s3bc
summary Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername(), waitress won't correctly clean up the connection, leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49769.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-49769.json
1
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
2
reference_url https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c
3
reference_url https://github.com/Pylons/waitress/issues/418
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/issues/418
4
reference_url https://github.com/Pylons/waitress/pull/435
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/pull/435
5
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2024-211.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2024-211.yaml
7
reference_url https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086468
reference_id 1086468
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086468
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2322461
reference_id 2322461
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2322461
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-49769
reference_id CVE-2024-49769
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-49769
11
reference_url https://github.com/advisories/GHSA-3f84-rpwh-47g6
reference_id GHSA-3f84-rpwh-47g6
reference_type
scores
url https://github.com/advisories/GHSA-3f84-rpwh-47g6
12
reference_url https://access.redhat.com/errata/RHSA-2024:10145
reference_id RHSA-2024:10145
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10145
13
reference_url https://access.redhat.com/errata/RHSA-2024:10535
reference_id RHSA-2024:10535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10535
14
reference_url https://access.redhat.com/errata/RHSA-2024:10815
reference_id RHSA-2024:10815
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10815
15
reference_url https://access.redhat.com/errata/RHSA-2024:9613
reference_id RHSA-2024:9613
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9613
16
reference_url https://access.redhat.com/errata/RHSA-2024:9618
reference_id RHSA-2024:9618
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9618
17
reference_url https://access.redhat.com/errata/RHSA-2024:9623
reference_id RHSA-2024:9623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:9623
18
reference_url https://access.redhat.com/errata/RHSA-2025:0201
reference_id RHSA-2025:0201
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0201
19
reference_url https://access.redhat.com/errata/RHSA-2025:1191
reference_id RHSA-2025:1191
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1191
20
reference_url https://access.redhat.com/errata/RHSA-2025:1192
reference_id RHSA-2025:1192
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1192
fixed_packages
0
url pkg:pypi/waitress@3.0.1
purl pkg:pypi/waitress@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@3.0.1
aliases CVE-2024-49769, GHSA-3f84-rpwh-47g6, PYSEC-2024-211
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ujpr-gc5n-s3bc
6
url VCID-zd7n-85nm-93cm
vulnerability_id VCID-zd7n-85nm-93cm
summary In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress, leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would get parsed by Waitress as being a chunked request, but a front-end server would use the Content-Length instead, as the Transfer-Encoding header is considered invalid due to containing invalid characters. If a front-end server does HTTP pipelining to a backend Waitress server, this could lead to HTTP request splitting, which may lead to potential cache poisoning or unexpected information disclosure. This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.
references
0
reference_url https://access.redhat.com/errata/RHSA-2020:0720
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0720
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16789.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-16789.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-16789
reference_id
reference_type
scores
0
value 0.00882
scoring_system epss
scoring_elements 0.75746
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-16789
3
reference_url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
4
reference_url https://github.com/advisories/GHSA-968f-66r5-5v74
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-968f-66r5-5v74
5
reference_url https://github.com/github/advisory-review/pull/14604
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-review/pull/14604
6
reference_url https://github.com/Pylons/waitress
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress
7
reference_url https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
8
reference_url https://github.com/Pylons/waitress/commit/ddb65b489d01d696afa1695b75fdd5df3e4ffdf8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/ddb65b489d01d696afa1695b75fdd5df3e4ffdf8
9
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-138.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-138.yaml
10
reference_url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1789807
reference_id 1789807
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1789807
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947433
reference_id 947433
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947433
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-16789
reference_id CVE-2019-16789
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-16789
19
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-968f-66r5-5v74
reference_id GHSA-968f-66r5-5v74
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-968f-66r5-5v74
20
reference_url https://access.redhat.com/errata/RHSA-2021:0420
reference_id RHSA-2021:0420
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0420
fixed_packages
0
url pkg:pypi/waitress@1.4.1
purl pkg:pypi/waitress@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
3
vulnerability VCID-zd7n-85nm-93cm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.1
1
url pkg:pypi/waitress@1.4.2
purl pkg:pypi/waitress@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.2
aliases CVE-2019-16789, GHSA-968f-66r5-5v74, PYSEC-2019-138
risk_score 3.7
exploitability 0.5
weighted_severity 7.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zd7n-85nm-93cm
7
url VCID-zj3b-zzx3-nyam
vulnerability_id VCID-zj3b-zzx3-nyam
summary Improper Neutralization in waitress.
references
0
reference_url https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
1
reference_url https://github.com/advisories/GHSA-m5ff-3wj3-8ph4
reference_id GHSA-m5ff-3wj3-8ph4
reference_type
scores
url https://github.com/advisories/GHSA-m5ff-3wj3-8ph4
2
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
reference_id GHSA-m5ff-3wj3-8ph4
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
fixed_packages
0
url pkg:pypi/waitress@1.4.1
purl pkg:pypi/waitress@1.4.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5g9e-fz5j-5fg6
1
vulnerability VCID-gnaw-ht2x-9bas
2
vulnerability VCID-ujpr-gc5n-s3bc
3
vulnerability VCID-zd7n-85nm-93cm
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.1
aliases GHSA-m5ff-3wj3-8ph4, GMS-2019-112
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zj3b-zzx3-nyam
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.2.0b1