Search for packages
| purl | pkg:pypi/eventlet@0.38.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-bnye-3p23-zyc9
Aliases: CVE-2025-58068 GHSA-hw6f-rjfj-j7j7 |
Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T23:39:30.163095+00:00 | GitLab Importer | Affected by | VCID-bnye-3p23-zyc9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml | 38.4.0 |
| 2026-04-12T01:00:11.875878+00:00 | GitLab Importer | Affected by | VCID-bnye-3p23-zyc9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml | 38.3.0 |
| 2026-04-03T01:08:23.773949+00:00 | GitLab Importer | Affected by | VCID-bnye-3p23-zyc9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml | 38.1.0 |