PYSEC-2020-178

2020-01-2219:15:00

Google

osv.dev

0.002 Low

EPSS

Percentile

56.7%

JSON

Waitress through version 1.3.1 allows request smuggling by sending the Content-Length header twice. Waitress would header fold a double Content-Length header and due to being unable to cast the now comma separated value to an integer would set the Content-Length to 0 internally. If two Content-Length headers are sent in a single request, Waitress would treat the request as having no body, thereby treating the body of the request as a new request in HTTP pipelining. This issue is fixed in Waitress 1.4.0.

CPENameOperatorVersion
waitresseq1.0a1
waitresseq0.1
waitresseq0.8.7
waitresseq1.0.2
waitresseq0.5
waitresseq0.9.0b1
waitresseq0.8.6
waitresseq1.2.1
waitresseq0.8.8
waitresseq0.8.11b0

Name	Operator	Version
waitress	eq	1.0a1
waitress	eq	0.1
waitress	eq	0.8.7
waitress	eq	1.0.2
waitress	eq	0.5
waitress	eq	0.9.0b1
waitress	eq	0.8.6
waitress	eq	1.2.1
waitress	eq	0.8.8
waitress	eq	0.8.11b0