CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49768 – Waitress has request processing race condition in HTTP pipelining with invalid first request
https://notcve.org/view.php?id=CVE-2024-49768
29 Oct 2024 — Waitress is a Web Server Gateway Interface server for Python 2 and 3. A remote client may send a request that is exactly recv_bytes (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is disabled (default) we won't read any more requests, and when the first request fails due to a parsing error, we simply close the connection. However when request lookahead is enabled, it is possible to process and receive the first request, start sending the error message b... • https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-49769 – Waitress has a denial of service leading to high CPU usage/resource exhaustion
https://notcve.org/view.php?id=CVE-2024-49769
29 Oct 2024 — Waitress is a Web Server Gateway Interface server for Python 2 and 3. When a remote client closes the connection before waitress has had the opportunity to call getpeername() waitress won't correctly clean up the connection leading to the main thread attempting to write to a socket that no longer exists, but not removing it from the list of sockets to attempt to process. This leads to a busy-loop calling the write function. A remote attacker could run waitress out of available sockets with very little resou... • https://github.com/Pylons/waitress/commit/1ae4e894c9f76543bee06584001583fc6fa8c95c • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42353 – WebOb's location header normalization during redirect leads to open redirect
https://notcve.org/view.php?id=CVE-2024-42353
14 Aug 2024 — WebOb provides objects for HTTP requests and responses. When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with Python's urlparse, and joining it to the base URL. `urlparse` however treats a `//` at the start of a string as a URI without a scheme, and then treats the next part as the hostname. `urljoin` will then use that hostname from the second part as the hostname replacing the original one from the request. T... • https://github.com/Pylons/webob/security/advisories/GHSA-mg3v-6m49-jhp3 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •