Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-trp4-phyv-bfb2
SummaryWaitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while we read the next request and queue it. This will allow the secondary request to be serviced by the worker thread while the connection should be closed. Waitress 3.0.1 fixes the race condition. As a workaround, disable channel_request_lookahead, this is set to 0 by default disabling this feature.
Aliases
0
alias CVE-2024-49768
1
alias GHSA-9298-4cf8-g4wj
2
alias PYSEC-2024-210
Fixed_packages
0
url pkg:pypi/waitress@3.0.1
purl pkg:pypi/waitress@3.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@3.0.1
Affected_packages
0
url pkg:pypi/waitress@2.0.0
purl pkg:pypi/waitress@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gnaw-ht2x-9bas
1
vulnerability VCID-trp4-phyv-bfb2
2
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.0.0
1
url pkg:pypi/waitress@2.1.0b0
purl pkg:pypi/waitress@2.1.0b0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gnaw-ht2x-9bas
1
vulnerability VCID-trp4-phyv-bfb2
2
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.0b0
2
url pkg:pypi/waitress@2.1.0
purl pkg:pypi/waitress@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-gnaw-ht2x-9bas
1
vulnerability VCID-r9h3-c2kh-a3ey
2
vulnerability VCID-trp4-phyv-bfb2
3
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.0
3
url pkg:pypi/waitress@2.1.1
purl pkg:pypi/waitress@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r9h3-c2kh-a3ey
1
vulnerability VCID-trp4-phyv-bfb2
2
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.1
4
url pkg:pypi/waitress@2.1.2
purl pkg:pypi/waitress@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-trp4-phyv-bfb2
1
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.2
5
url pkg:pypi/waitress@3.0.0
purl pkg:pypi/waitress@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-trp4-phyv-bfb2
1
vulnerability VCID-ujpr-gc5n-s3bc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@3.0.0
References
0
reference_url https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65
1
reference_url https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
Weaknesses
Exploits
Severity_range_score4.8 - 4.8
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-trp4-phyv-bfb2