PYSEC-2019-104

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/mitogen/PYSEC-2019-104.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2019-104

Aliases

Published

2019-08-18T20:15:00Z

Modified

2023-11-08T04:01:12.761712Z

Summary

[none]

Details

* DISPUTED * core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism.

References

Affected packages

PyPI / mitogen

Package

Name: mitogen; View open source insights on deps.dev
Purl: pkg:pypi/mitogen

Affected ranges

Type: GIT
Repo: https://github.com/dw/mitogen
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5924af1566763e48c42028399ea0cd95c457b3dc

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.8

Affected versions

0.*

0.2.0

0.2.1

0.2.2

0.2.3

0.2.4

0.2.5

0.2.6

0.2.7