waitress is vulnerable to CRLF injection. The vulnerability exists because the server and the client parse carriage return and line feed characters differently. This can potentially lead to HTTP request smuggling and splitting vulnerabilities.
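
The parsing disagreement described above, as an added example that is not waitress code: two header parsers read the same constructed bytes differently, and a strict check rejects the ambiguous input. The function names and the sample header block are assumptions made for illustration.

```python
import re

# Constructed sample: the second line break is a bare LF, not CRLF.
SAMPLE = b"Host: example.test\r\nX-Note: a\nX-Extra: b\r\n"

# A CR not followed by LF, or an LF not preceded by CR.
BARE_CR_OR_LF = re.compile(rb"\r(?!\n)|(?<!\r)\n")


def _to_dict(lines):
    """Turn 'Name: value' byte lines into a dict keyed by lower-case name."""
    headers = {}
    for line in lines:
        if not line:
            continue
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii")] = value.strip().decode("ascii")
    return headers


def parse_crlf_only(raw):
    """Parser A (hypothetical): only CRLF ends a line; a bare LF stays in the value."""
    return _to_dict(raw.split(b"\r\n"))


def parse_lenient(raw):
    """Parser B (hypothetical): CRLF, bare LF and bare CR all end a line."""
    return _to_dict(re.split(rb"\r\n|\r|\n", raw))


def parse_strict(raw):
    """One possible hardened check: refuse the block if any bare CR or LF is present."""
    if BARE_CR_OR_LF.search(raw):
        raise ValueError("bare CR or LF in header block")
    return parse_crlf_only(raw)


if __name__ == "__main__":
    print("CRLF-only:", parse_crlf_only(SAMPLE))
    print("lenient:  ", parse_lenient(SAMPLE))
    try:
        parse_strict(SAMPLE)
    except ValueError as exc:
        print("strict:    rejected,", exc)
```

Parser A sees two headers and parser B sees three, which is the kind of disagreement between two hops that the advisory describes; the strict form removes the ambiguity by rejecting the input.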
access.redhat.com/errata/RHSA-2020:0720
docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes
github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba
github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p
lists.debian.org/debian-lts-announce/2022/05/msg00011.html
lists.fedoraproject.org/archives/list/[email protected]/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/
lists.fedoraproject.org/archives/list/[email protected]/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/
www.oracle.com/security-alerts/cpuapr2022.html