{"url":"http://public2.vulnerablecode.io/api/packages/27032?format=json","purl":"pkg:pypi/waitress@1.4.4","type":"pypi","namespace":"","name":"waitress","version":"1.4.4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.1","latest_non_vulnerable_version":"3.0.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4946?format=json","vulnerability_id":"VCID-gnaw-ht2x-9bas","summary":"","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24761"},{"reference_url":"https://github.com/Pylons/waitress","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Pylons/waitress"},{"reference_url":"https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0"},{"reference_url":"https://github.com/Pylons/waitress/releases/tag/v2.1.1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Pylons/waitress/releases/tag/v2.1.1"},{"reference_url":"https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-169.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-169.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html"},{"reference_url":"https://www.debian.org/security/2022/dsa-5138","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2022/dsa-5138"},{"reference_url":"https://security.archlinux.org/AVG-2723","reference_id":"AVG-2723","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24761","reference_id":"CVE-2022-24761","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24761"},{"reference_url":"https://github.com/advisories/GHSA-4f7p-27jc-3c36","reference_id":"GHSA-4f7p-27jc-3c36","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4f7p-27jc-3c36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27038?format=json","purl":"pkg:pypi/waitress@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-r9h3-c2kh-a3ey"},{"vulnerability":"VCID-trp4-phyv-bfb2"},{"vulnerability":"VCID-ujpr-gc5n-s3bc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@2.1.1"}],"aliases":["CVE-2022-24761","GHSA-4f7p-27jc-3c36","PYSEC-2022-169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gnaw-ht2x-9bas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36917?format=json","vulnerability_id":"VCID-ujpr-gc5n-s3bc","summary":"Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resources required. Waitress 3.0.1 contains fixes that remove the race condition.","references":[{"reference_url":"https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c"},{"reference_url":"https://github.com/Pylons/waitress/issues/418","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Pylons/waitress/issues/418"},{"reference_url":"https://github.com/Pylons/waitress/pull/435","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Pylons/waitress/pull/435"},{"reference_url":"https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00012.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/43765?format=json","purl":"pkg:pypi/waitress@3.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@3.0.1"}],"aliases":["CVE-2024-49769","GHSA-3f84-rpwh-47g6","PYSEC-2024-211"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujpr-gc5n-s3bc"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/waitress@1.4.4"}