Homepage
About Snyk

waitress@1.4.2 vulnerabilities

Waitress WSGI server

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the waitress package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
HTTP Request Smuggling

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to HTTP Request Smuggling via the front-end proxy, due to incorrect validation.

How to fix HTTP Request Smuggling?

Upgrade waitress to version 2.1.1 or higher.

[,2.1.1)
  • H
Regular Expression Denial of Service (ReDoS)

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). When a header like "Bad-header: xxxxxxxxxxxxxxx\x10" is received, it will cause the regular expression engine to catastrophically backtrack causing the process to use 100% CPU time and blocking any other interactions.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade waitress to version 1.4.3 or higher.

[1.4.2,1.4.3)
Go back to all versions of this package