Vulnerability	Vulnerable Version
H Missing Release of Resource after Effective Lifetime waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes the connection, before `waitress` has had the opportunity to call `getpeername()`. An attacker can exhaust system resources and cause high CPU usage by repeatedly opening and closing connections, leading to a busy-loop in the server's socket handling. How to fix Missing Release of Resource after Effective Lifetime? Upgrade `waitress` to version 3.0.1 or higher.	[,3.0.1)
H HTTP Request Smuggling waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to HTTP Request Smuggling via the front-end proxy, due to incorrect validation. How to fix HTTP Request Smuggling? Upgrade `waitress` to version 2.1.1 or higher.	[,2.1.1)
H HTTP Request Smuggling waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to HTTP Request Smuggling. Potential HTTP pipelining issues and request smuggling attacks might be possible due to waitress not correctly responding to HTTP requests. Note: An incomplete fix was released in version 1.4.1. How to fix HTTP Request Smuggling? Upgrade `waitress` to version 1.4.2 or higher.	[,1.4.2)

Go back to all versions of this package