GHSA-x7m3-jprg-wc5g

Source

https://github.com/advisories/GHSA-x7m3-jprg-wc5g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/09/GHSA-x7m3-jprg-wc5g/GHSA-x7m3-jprg-wc5g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-x7m3-jprg-wc5g

Aliases

Related

Published

2023-09-25T12:30:44Z

Modified

2025-11-27T08:16:28.854095Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Gevent allows remote attacker to escalate privileges

Details

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2023-09-25T18:46:08Z",
    "nvd_published_at": "2023-09-25T12:15:11Z",
    "severity": "CRITICAL",
    "cwe_ids": []
}

References

Affected packages

PyPI / gevent

Package

Name: gevent; View open source insights on deps.dev
Purl: pkg:pypi/gevent

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.9.0

Affected versions

0.*

0.9.2

0.9.3

0.10.0

0.11.0

0.11.1

0.11.2

0.12.0

0.12.1

0.12.2

0.13.0

0.13.1

0.13.2

0.13.3

0.13.4

0.13.5

0.13.6

0.13.7

0.13.8

1.*

1.0

1.0.1

1.0.2

1.1a1

1.1a2

1.1b1

1.1b2

1.1b3

1.1b4

1.1b5

1.1b6

1.1rc1

1.1rc2

1.1rc3

1.1rc4

1.1rc5

1.1.0

1.1.1

1.1.2

1.2a1

1.2a2

1.2.0

1.2.1

1.2.2

1.3a1

1.3a2

1.3b1

1.3b2

1.3.0

1.3.1

1.3.2

1.3.2.post0

1.3.3

1.3.4

1.3.5

1.3.6

1.3.7

1.4.0

1.5a1

1.5a2

1.5a3

1.5a4

1.5.0

20.*

20.4.0

20.5.0

20.5.1

20.5.2

20.6.0

20.6.1

20.6.2

20.9.0

20.12.0

20.12.1

21.*

21.1.0

21.1.1

21.1.2

21.8.0

21.12.0

22.*

22.8.0

22.10.1

22.10.2

23.*

23.7.0