VulnerableCode Package Details - pkg:pypi/eventlet@0.40.3

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-bnye-3p23-zyc9	Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj	CVE-2025-58068 GHSA-hw6f-rjfj-j7j7

Vulnerability

Summary

Aliases

VCID-bnye-3p23-zyc9

Eventlet affected by HTTP request smuggling in unparsed trailers ### Impact The Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to: - Bypass front-end security controls - Launch targeted attacks against active site users - Poison web caches ### Patches Problem has been patched in eventlet 0.40.3. The patch just drops trailers. If a backend behind eventlet.wsgi proxy requires trailers, then this patch BREAKS your setup. ### Workarounds Do not use eventlet.wsgi facing untrusted clients. ### References - Patch https://github.com/eventlet/eventlet/pull/1062 - This issue is similar to https://github.com/advisories/GHSA-9548-qrrj-x5pj

CVE-2025-58068
GHSA-hw6f-rjfj-j7j7

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:39:30.186113+00:00	GitLab Importer	Fixing	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.4.0
2026-04-12T01:00:11.901839+00:00	GitLab Importer	Fixing	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.3.0
2026-04-07T04:58:39.216381+00:00	GHSA Importer	Fixing	VCID-bnye-3p23-zyc9	https://github.com/advisories/GHSA-hw6f-rjfj-j7j7	38.1.0
2026-04-03T01:08:23.804392+00:00	GitLab Importer	Fixing	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.1.0
2026-04-02T12:42:06.053730+00:00	GitLab Importer	Fixing	VCID-bnye-3p23-zyc9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/eventlet/CVE-2025-58068.yml	38.0.0
2026-04-01T12:55:53.683996+00:00	GithubOSV Importer	Fixing	VCID-bnye-3p23-zyc9	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/08/GHSA-hw6f-rjfj-j7j7/GHSA-hw6f-rjfj-j7j7.json	38.0.0