VulnerableCode Package Details - pkg:deb/debian/python-eventlet@0.40.4-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3thq-dnhj-t7d5	python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds	CVE-2023-5625
VCID-bnye-3p23-zyc9	Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj	CVE-2025-58068 GHSA-hw6f-rjfj-j7j7
VCID-cgcf-st57-tkd1	Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.	CVE-2021-21419 GHSA-9p9m-jm8w-94p2 PYSEC-2021-12

Vulnerability

Summary

Aliases

VCID-3thq-dnhj-t7d5

python-eventlet: patch regression for CVE-2021-21419 in some Red Hat builds

CVE-2023-5625

VCID-bnye-3p23-zyc9

Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

CVE-2025-58068
GHSA-hw6f-rjfj-j7j7

VCID-cgcf-st57-tkd1

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

CVE-2021-21419
GHSA-9p9m-jm8w-94p2
PYSEC-2021-12

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:44:53.963739+00:00	Debian Importer	Fixing	VCID-3thq-dnhj-t7d5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:06:23.558382+00:00	Debian Importer	Fixing	VCID-cgcf-st57-tkd1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:44:31.396047+00:00	Debian Importer	Fixing	VCID-3thq-dnhj-t7d5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:47:07.651445+00:00	Debian Importer	Fixing	VCID-cgcf-st57-tkd1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:46.995504+00:00	Debian Importer	Fixing	VCID-bnye-3p23-zyc9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:46.944435+00:00	Debian Importer	Fixing	VCID-3thq-dnhj-t7d5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:46.901823+00:00	Debian Importer	Fixing	VCID-cgcf-st57-tkd1	https://security-tracker.debian.org/tracker/data/json	38.1.0