VDB
CNVD-2020-18632
CNVD-2020-18632
PUBLISHED
CVSS 7.099999904632568 HIGH
Waitress是一款用于Python的WSGI(Web服务器网关接口)服务器。 Waitress存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。目前暂无详细的漏洞细节提供。
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pylons | Waitress | <= 1.3.1 |
Exploit Intelligence
- https://www.oracle.com/security-alerts/cpuapr2022.html (circl)
- https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes (circl)
- https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6 (circl)
- https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65 (circl)
- [debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update (circl)
- CIRCL seen: CVE-2019-16792 (circl-sighting)
Timeline
- Dec 20, 2019 CVE Published
- Jan 23, 2020 PoC Published
References
- https://www.oracle.com/security-alerts/cpuapr2022.html url
- https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes url
- https://github.com/Pylons/waitress/security/advisories/GHSA-4ppp-gpcr-7qf6 url
- https://github.com/Pylons/waitress/commit/575994cd42e83fd772a5f7ec98b2c56751bd3f65 url
- [debian-lts-announce] 20220512 [SECURITY] [DLA 3000-1] waitress security update mailing-list