VulnerableCode Package Details - pkg:pypi/eventlet@0.25.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-7493-kzzq-27dw Aliases: CVE-2023-29483 GHSA-3rq5-2g8h-59hc	Potential DoS via the Tudoor mechanism in eventlet and dnspython eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.	0.35.2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-bnye-3p23-zyc9 Aliases: CVE-2025-58068 GHSA-hw6f-rjfj-j7j7	Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj	0.40.3 Affected by 0 other vulnerabilities.
VCID-cgcf-st57-tkd1 Aliases: CVE-2021-21419 GHSA-9p9m-jm8w-94p2 PYSEC-2021-12	Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.	0.31.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-7493-kzzq-27dw
Aliases:
CVE-2023-29483
GHSA-3rq5-2g8h-59hc

Potential DoS via the Tudoor mechanism in eventlet and dnspython eventlet before 0.35.2, as used in dnspython before 2.6.0, allows remote attackers to interfere with DNS name resolution by quickly sending an invalid packet from the expected IP address and source port, aka a "TuDoor" attack. In other words, dnspython does not have the preferred behavior in which the DNS name resolution algorithm would proceed, within the full time window, in order to wait for a valid packet. NOTE: dnspython 2.6.0 is unusable for a different reason that was addressed in 2.6.1.

0.35.2
Affected by 1 other vulnerability.

VCID-bnye-3p23-zyc9
Aliases:
CVE-2025-58068
GHSA-hw6f-rjfj-j7j7

Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

0.40.3
Affected by 0 other vulnerabilities.

VCID-cgcf-st57-tkd1
Aliases:
CVE-2021-21419
GHSA-9p9m-jm8w-94p2
PYSEC-2021-12

Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.

0.31.0
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:39:30.067547+00:00	GitLab Importer	Affected by	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.4.0
2026-04-16T22:55:43.084368+00:00	GitLab Importer	Affected by	VCID-7493-kzzq-27dw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2023-29483.yml	38.4.0
2026-04-16T21:22:27.226687+00:00	GitLab Importer	Affected by	VCID-cgcf-st57-tkd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2021-21419.yml	38.4.0
2026-04-12T01:00:11.766276+00:00	GitLab Importer	Affected by	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.3.0
2026-04-12T00:14:18.983845+00:00	GitLab Importer	Affected by	VCID-7493-kzzq-27dw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2023-29483.yml	38.3.0
2026-04-11T22:35:01.476257+00:00	GitLab Importer	Affected by	VCID-cgcf-st57-tkd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2021-21419.yml	38.3.0
2026-04-03T01:08:23.664407+00:00	GitLab Importer	Affected by	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.1.0
2026-04-03T00:20:38.485045+00:00	GitLab Importer	Affected by	VCID-7493-kzzq-27dw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2023-29483.yml	38.1.0
2026-04-02T22:46:08.495271+00:00	GitLab Importer	Affected by	VCID-cgcf-st57-tkd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2021-21419.yml	38.1.0
2026-04-01T17:03:59.315452+00:00	GitLab Importer	Affected by	VCID-cgcf-st57-tkd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2021-21419.yml	38.0.0
2026-04-01T15:05:12.170957+00:00	PyPI Importer	Affected by	VCID-cgcf-st57-tkd1	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.0.0
2026-04-01T12:44:05.472111+00:00	Pypa Importer	Affected by	VCID-cgcf-st57-tkd1	https://github.com/pypa/advisory-database/blob/main/vulns/eventlet/PYSEC-2021-12.yaml	38.0.0