granian 2.7.0

Direct Vulnerabilities

Known vulnerabilities in the granian package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Uncaught Exception granian is an A Rust HTTP server for Python applications Affected versions of this package are vulnerable to Uncaught Exception via the `Sec-WebSocket-Protocol` header processing in the WebSocket upgrade request path. An attacker can cause a worker process to terminate unexpectedly by sending a specially crafted WebSocket upgrade request containing non-ASCII bytes in the `Sec-WebSocket-Protocol` header. This can be repeated across multiple workers to take the service offline. This is only exploitable if the server is running with the default panic behavior that aborts the worker process. How to fix Uncaught Exception? Upgrade `granian` to version 2.7.4 or higher.	[,2.7.4)
H Improper Handling of Exceptional Conditions granian is an A Rust HTTP server for Python applications Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through the WSGI response conversion process. An attacker can cause the worker process to abort by supplying or influencing invalid HTTP response header names or values, such as headers containing spaces, carriage returns, line feeds, or null bytes. This is only exploitable if the WSGI application emits invalid headers, either due to application bugs or attacker-controlled input. How to fix Improper Handling of Exceptional Conditions? Upgrade `granian` to version 2.7.4 or higher.	[,2.7.4)

Vulnerability

Vulnerable Version

Uncaught Exception

granian is an A Rust HTTP server for Python applications

Affected versions of this package are vulnerable to Uncaught Exception via the Sec-WebSocket-Protocol header processing in the WebSocket upgrade request path. An attacker can cause a worker process to terminate unexpectedly by sending a specially crafted WebSocket upgrade request containing non-ASCII bytes in the Sec-WebSocket-Protocol header. This can be repeated across multiple workers to take the service offline. This is only exploitable if the server is running with the default panic behavior that aborts the worker process.

How to fix Uncaught Exception?

Upgrade granian to version 2.7.4 or higher.

[,2.7.4)

Improper Handling of Exceptional Conditions

granian is an A Rust HTTP server for Python applications

Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions through the WSGI response conversion process. An attacker can cause the worker process to abort by supplying or influencing invalid HTTP response header names or values, such as headers containing spaces, carriage returns, line feeds, or null bytes. This is only exploitable if the WSGI application emits invalid headers, either due to application bugs or attacker-controlled input.

How to fix Improper Handling of Exceptional Conditions?

Upgrade granian to version 2.7.4 or higher.

[,2.7.4)

granian@2.7.0

A Rust HTTP server for Python applications

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically