Uncaught Exception in python-waitress | CVE-2022-31015

Threat Intelligence

1.3% (67^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Uncaught Exception vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-RHEL8-PYTHONWAITRESS-6815665
published9 May 2024
disclosed1 Jun 2022

Report a new vulnerability Found a mistake?

Introduced: 1 Jun 2022

CVE-2022-31015 (opens in a new tab) CWE-248 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:8.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python-waitress package and not the python-waitress package as distributed by RHEL.

Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.

Uncaught Exception The advisory has been revoked - it doesn't affect any version of package python-waitress (opens in a new tab)