Vulnerabilities affecting this package (0)

| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

Vulnerabilities fixed by this package (1)

Vulnerability: VCID-bnye-3p23-zyc9

Summary: Eventlet affected by HTTP request smuggling in unparsed trailers

### Impact
The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections.
This vulnerability could enable attackers to:
- Bypass front-end security controls
- Launch targeted attacks against active site users
- Poison web caches
### Patches
The problem has been patched in eventlet 0.40.3.
The patch just drops trailers. If a backend behind an eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup.
### Workarounds
Do not use eventlet.wsgi facing untrusted clients.
### References
- Patch: https://github.com/eventlet/eventlet/pull/1062
- This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

Aliases: CVE-2025-58068, GHSA-hw6f-rjfj-j7j7