VulnerableCode Package Details - pkg:deb/debian/python-eventlet@0.33.1-4

Search for packages

Vulnerability	Summary	Fixed by
VCID-bnye-3p23-zyc9 Aliases: CVE-2025-58068 GHSA-hw6f-rjfj-j7j7	Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj	0.39.1-2+deb13u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-bnye-3p23-zyc9
Aliases:
CVE-2025-58068
GHSA-hw6f-rjfj-j7j7

Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

0.39.1-2+deb13u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bnye-3p23-zyc9	Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj	CVE-2025-58068 GHSA-hw6f-rjfj-j7j7

Vulnerability

Summary

Aliases

VCID-bnye-3p23-zyc9

CVE-2025-58068
GHSA-hw6f-rjfj-j7j7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:43:37.352110+00:00	Debian Importer	Affected by	VCID-bnye-3p23-zyc9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-15T16:20:47.722780+00:00	Debian Oval Importer	Fixing	VCID-bnye-3p23-zyc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-13T08:43:35.386640+00:00	Debian Importer	Affected by	VCID-bnye-3p23-zyc9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T16:08:05.381860+00:00	Debian Oval Importer	Fixing	VCID-bnye-3p23-zyc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T19:48:42.397910+00:00	Debian Importer	Affected by	VCID-bnye-3p23-zyc9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T16:00:43.440785+00:00	Debian Oval Importer	Fixing	VCID-bnye-3p23-zyc9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0