PYSEC-2020-178

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/waitress/PYSEC-2020-178.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2020-178

Aliases

Published

2020-01-22T19:15:00Z

Modified

2023-11-08T04:01:21.890990Z

Summary

[none]

Details

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

References

Affected packages

PyPI / waitress

Package

Name: waitress; View open source insights on deps.dev
Purl: pkg:pypi/waitress

Affected ranges

Type: GIT
Repo: https://github.com/Pylons/waitress
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

575994cd42e83fd772a5f7ec98b2c56751bd3f65

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.0

Affected versions

0.*

0.1

0.2

0.3

0.4

0.5

0.6

0.6.1

0.7

0.8

0.8.1

0.8.2

0.8.3

0.8.4

0.8.5

0.8.6

0.8.7

0.8.8

0.8.9

0.8.10

0.8.11b0

0.9.0b0

0.9.0b1

0.9.0

1.*

1.0a1

1.0a2

1.0.0

1.0.1

1.0.2

1.1.0

1.2.0b1

1.2.0b2

1.2.0b3

1.2.0

1.2.1

1.3.0b0

1.3.0

1.3.1