CVE-2019-16792 – waitress

Package

Manager: pip
Name: waitress
Vulnerable Version: >=0 <1.4.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00851 pctl0.74053

Details

Inconsistent Interpretation of HTTP Requests in Waitress Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

Metadata

Created: 2022-05-24T17:07:06Z
Modified: 2022-06-27T16:10:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j7j6-7hfx-5522/GHSA-j7j6-7hfx-5522.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-j7j6-7hfx-5522
Finding: F110
Auto approve: 1