Vulnerability	Vulnerable Version
C Time-of-check Time-of-use (TOCTOU) Race Condition waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in HTTP pipelining when handling an invalid initial request. An attacker can exploit this vulnerability to process unauthorized requests by sending a specially crafted sequence of requests where the first request is exactly `recv_bytes` long and followed by a secondary request using HTTP pipelining. How to fix Time-of-check Time-of-use (TOCTOU) Race Condition? Upgrade `waitress` to version 3.0.1 or higher.	[2.0.0,3.0.1)
H Missing Release of Resource after Effective Lifetime waitress is a production-quality pure-Python WSGI server with very acceptable performance. Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes the connection, before `waitress` has had the opportunity to call `getpeername()`. An attacker can exhaust system resources and cause high CPU usage by repeatedly opening and closing connections, leading to a busy-loop in the server's socket handling. How to fix Missing Release of Resource after Effective Lifetime? Upgrade `waitress` to version 3.0.1 or higher.	[,3.0.1)

Time-of-check Time-of-use (TOCTOU) Race Condition

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition in HTTP pipelining when handling an invalid initial request. An attacker can exploit this vulnerability to process unauthorized requests by sending a specially crafted sequence of requests where the first request is exactly recv_bytes long and followed by a secondary request using HTTP pipelining.

How to fix Time-of-check Time-of-use (TOCTOU) Race Condition?

Upgrade waitress to version 3.0.1 or higher.

[2.0.0,3.0.1)

Missing Release of Resource after Effective Lifetime

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime due to the improper handling of socket connections when a remote client prematurely closes the connection, before waitress has had the opportunity to call getpeername(). An attacker can exhaust system resources and cause high CPU usage by repeatedly opening and closing connections, leading to a busy-loop in the server's socket handling.

How to fix Missing Release of Resource after Effective Lifetime?

Upgrade waitress to version 3.0.1 or higher.

[,3.0.1)

Go back to all versions of this package