Homepage

waitress@2.0.0b1 vulnerabilities

Waitress WSGI server

  • latest version

    3.0.2

  • latest non vulnerable version

    3.0.2

  • first published

    13 years ago

  • latest version published

    5 months ago

  • licenses detected

  • View waitress package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the waitress package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Missing Release of Resource after Effective Lifetime

    waitress is a production-quality pure-Python WSGI server with very acceptable performance.

    Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes the connection, before waitress has had the opportunity to call getpeername(). An attacker can exhaust system resources and cause high CPU usage by repeatedly opening and closing connections, leading to a busy-loop in the server's socket handling.

    How to fix Missing Release of Resource after Effective Lifetime?

    Upgrade waitress to version 3.0.1 or higher.

    [,3.0.1)
    • H
    HTTP Request Smuggling

    waitress is a production-quality pure-Python WSGI server with very acceptable performance.

    Affected versions of this package are vulnerable to HTTP Request Smuggling via the front-end proxy, due to incorrect validation.

    How to fix HTTP Request Smuggling?

    Upgrade waitress to version 2.1.1 or higher.

    [,2.1.1)
    Go back to all versions of this package