Homepage
About Snyk

waitress@2.1.0 vulnerabilities

Waitress WSGI server

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the waitress package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Denial of Service (DoS)

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to a race condition that may cause early termination when a thread closes a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled, resulting in the entire application being killed.

Note: Users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.

How to fix Denial of Service (DoS)?

Upgrade waitress to version 2.1.2 or higher.

[2.1.0,2.1.2)
  • H
HTTP Request Smuggling

waitress is a production-quality pure-Python WSGI server with very acceptable performance.

Affected versions of this package are vulnerable to HTTP Request Smuggling via the front-end proxy, due to incorrect validation.

How to fix HTTP Request Smuggling?

Upgrade waitress to version 2.1.1 or higher.

[,2.1.1)
Go back to all versions of this package