Search for packages
| purl | pkg:deb/debian/python-eventlet@0.33.1-4?distro=trixie |
| Next non-vulnerable version | 0.39.1-2+deb13u1 |
| Latest non-vulnerable version | 0.40.4-1 |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bnye-3p23-zyc9
Aliases: CVE-2025-58068 GHSA-hw6f-rjfj-j7j7 |
Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3thq-dnhj-t7d5 | python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds |
CVE-2023-5625
|
| VCID-cgcf-st57-tkd1 | Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process. |
CVE-2021-21419
GHSA-9p9m-jm8w-94p2 PYSEC-2021-12 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T12:44:53.954631+00:00 | Debian Importer | Fixing | VCID-3thq-dnhj-t7d5 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T10:06:23.544055+00:00 | Debian Importer | Fixing | VCID-cgcf-st57-tkd1 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T08:44:31.386795+00:00 | Debian Importer | Fixing | VCID-3thq-dnhj-t7d5 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T06:47:07.636071+00:00 | Debian Importer | Fixing | VCID-cgcf-st57-tkd1 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:46.968156+00:00 | Debian Importer | Affected by | VCID-bnye-3p23-zyc9 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:46.924217+00:00 | Debian Importer | Fixing | VCID-3thq-dnhj-t7d5 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:46.874689+00:00 | Debian Importer | Fixing | VCID-cgcf-st57-tkd1 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |