[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-16785":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":40,"downstream":41,"duplicates":66,"related":67,"reserved_at":9,"published_at":76,"modified_at":77,"state":78,"summary":79,"references_raw":87,"kevs":163,"epss":164,"epss_history":167,"metrics":428,"affected":449},"CVE-2019-16785","Waitress through version 1.3.1 implemented a \"MAY\" part of the RFC7230 which states: \"Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize a single LF as a line terminator and ignore any preceding CR.\" Unfortunately if a front-end server does not parse header fields with an LF the same way as it does those with a CRLF it can lead to the front-end and the back-end server parsing the same HTTP message in two different ways. This can lead to a potential for HTTP request smuggling/splitting whereby Waitress may see two requests while the front-end server only sees a single HTTP message. This issue is fixed in Waitress 1.4.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_PYLONS_WAITRESS","Waitress","github","https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p","poc",0.3,false,[],[38,39],"GHSA-pg36-wpm5-g57p","PYSEC-2019-136",[],[42,44,46,48,50,52,54,56,58,60,62,64],{"_key":43},"UBUNTU-CVE-2019-16785",{"_key":45},"SUSE-RU-2020:2072-1",{"_key":47},"SUSE-RU-2020:2161-1",{"_key":49},"SUSE-SU-2020:1901-1",{"_key":51},"SUSE-SU-2020:3269-1",{"_key":53},"SUSE-SU-2020:3292-1",{"_key":55},"OPENSUSE-SU-2020:1911-1",{"_key":57},"OPENSUSE-SU-2020:1922-1",{"_key":59},"RHSA-2020:0720",{"_key":61},"DLA-3000-1",{"_key":63},"MGASA-2020-0083",{"_key":65},"DEBIAN-CVE-2019-16785",[],[68,69,70,71,72,73,74,75],{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":63},"2019-12-20T23:00:25.000Z","2024-08-05T01:24:47.876Z","Modified",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":80,"epss_score":81,"severity":82,"severity_score":83,"severity_version":84,"severity_source":85,"severity_vector":86,"severity_status":78},"low",0.01023,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[88,95,99,108,114,118,123,128,134,138,143,147,151,155,159],{"url":89,"sources":90,"tags":92},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[91,85],"cve.org",[93,94],"Vendor Advisory","X Refsource FEDORA",{"url":96,"sources":97,"tags":98},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[91,85],[93,94],{"url":100,"sources":101,"tags":103},"https://access.redhat.com/errata/RHSA-2020:0720",[91,85,102],"osv_pypi",[93,104,105,106,107],"X Refsource REDHAT","Third Party Advisory","WEB","Advisory",{"url":109,"sources":110,"tags":111},"https://www.oracle.com/security-alerts/cpuapr2022.html",[91,85,102],[112,113,105,106],"X Refsource MISC","Patch",{"url":115,"sources":116,"tags":117},"https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes",[91,85,102],[112,93,106],{"url":32,"sources":119,"tags":120},[91,85,102],[121,122,105,106,107],"X Refsource CONFIRM","Exploit",{"url":124,"sources":125,"tags":126},"https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba",[91,85,102],[112,113,105,106,127],"FIX",{"url":129,"sources":130,"tags":131},"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html",[91,85,102],[132,133,105,106],"Mailing List","X Refsource MLIST",{"url":135,"sources":136,"tags":137},"https://nvd.nist.gov/vuln/detail/CVE-2019-16785",[102],[107],{"url":139,"sources":140,"tags":141},"https://github.com/Pylons/waitress",[102],[142],"PACKAGE",{"url":144,"sources":145,"tags":146},"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-136.yaml",[102],[106],{"url":148,"sources":149,"tags":150},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7",[102],[106],{"url":152,"sources":153,"tags":154},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5",[102],[106],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[102],[106],{"url":160,"sources":161,"tags":162},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[102],[106],[],{"date":165,"score":81,"percentile":166},"2026-06-04",0.77595,[168,172,175,178,181,184,187,190,193,196,199,202,205,208,211,215,218,221,224,227,230,232,234,237,239,242,245,248,251,254,257,260,263,266,269,271,273,276,279,282,285,287,290,293,296,299,302,305,308,310,313,316,319,322,325,328,331,334,337,340,343,346,349,352,354,357,360,363,366,369,372,375,378,380,383,386,389,392,395,398,400,403,406,409,411,413,416,419,422,425],{"date":169,"score":170,"percentile":171},"2025-11-04",0.00433,0.61942,{"date":173,"score":170,"percentile":174},"2025-11-05",0.61928,{"date":176,"score":170,"percentile":177},"2025-11-06",0.61936,{"date":179,"score":170,"percentile":180},"2025-11-07",0.61954,{"date":182,"score":170,"percentile":183},"2025-11-08",0.61958,{"date":185,"score":170,"percentile":186},"2025-11-09",0.61952,{"date":188,"score":170,"percentile":189},"2025-11-10",0.61931,{"date":191,"score":170,"percentile":192},"2025-11-11",0.61943,{"date":194,"score":170,"percentile":195},"2025-11-12",0.61969,{"date":197,"score":170,"percentile":198},"2025-11-13",0.61976,{"date":200,"score":170,"percentile":201},"2025-11-14",0.61984,{"date":203,"score":170,"percentile":204},"2025-11-15",0.61975,{"date":206,"score":170,"percentile":207},"2025-11-16",0.61965,{"date":209,"score":170,"percentile":210},"2025-11-17",0.61967,{"date":212,"score":213,"percentile":214},"2025-11-18",0.00736,0.7058,{"date":216,"score":213,"percentile":217},"2025-11-19",0.70588,{"date":219,"score":213,"percentile":220},"2025-11-20",0.70597,{"date":222,"score":170,"percentile":223},"2025-11-21",0.61974,{"date":225,"score":170,"percentile":226},"2025-11-22",0.61979,{"date":228,"score":170,"percentile":229},"2025-11-23",0.61959,{"date":231,"score":170,"percentile":186},"2025-11-24",{"date":233,"score":170,"percentile":229},"2025-11-25",{"date":235,"score":170,"percentile":236},"2025-11-26",0.6196,{"date":238,"score":170,"percentile":210},"2025-11-27",{"date":240,"score":170,"percentile":241},"2025-11-28",0.61948,{"date":243,"score":170,"percentile":244},"2025-11-29",0.61922,{"date":246,"score":170,"percentile":247},"2025-11-30",0.61915,{"date":249,"score":170,"percentile":250},"2025-12-01",0.62066,{"date":252,"score":170,"percentile":253},"2025-12-02",0.62084,{"date":255,"score":170,"percentile":256},"2025-12-03",0.62086,{"date":258,"score":170,"percentile":259},"2025-12-04",0.61912,{"date":261,"score":170,"percentile":262},"2025-12-05",0.61924,{"date":264,"score":170,"percentile":265},"2025-12-06",0.61923,{"date":267,"score":170,"percentile":268},"2025-12-07",0.61916,{"date":270,"score":170,"percentile":244},"2025-12-08",{"date":272,"score":170,"percentile":229},"2025-12-09",{"date":274,"score":170,"percentile":275},"2025-12-10",0.62004,{"date":277,"score":170,"percentile":278},"2025-12-11",0.62024,{"date":280,"score":170,"percentile":281},"2025-12-12",0.62047,{"date":283,"score":170,"percentile":284},"2025-12-13",0.62056,{"date":286,"score":170,"percentile":284},"2025-12-14",{"date":288,"score":170,"percentile":289},"2025-12-15",0.62038,{"date":291,"score":170,"percentile":292},"2025-12-16",0.62055,{"date":294,"score":170,"percentile":295},"2025-12-17",0.6207,{"date":297,"score":170,"percentile":298},"2025-12-18",0.62106,{"date":300,"score":170,"percentile":301},"2025-12-19",0.62118,{"date":303,"score":170,"percentile":304},"2025-12-20",0.6212,{"date":306,"score":170,"percentile":307},"2025-12-21",0.62113,{"date":309,"score":170,"percentile":298},"2025-12-22",{"date":311,"score":170,"percentile":312},"2025-12-23",0.62123,{"date":314,"score":170,"percentile":315},"2025-12-24",0.62131,{"date":317,"score":170,"percentile":318},"2025-12-25",0.62162,{"date":320,"score":170,"percentile":321},"2025-12-26",0.62158,{"date":323,"score":170,"percentile":324},"2025-12-27",0.62203,{"date":326,"score":170,"percentile":327},"2025-12-28",0.62135,{"date":329,"score":170,"percentile":330},"2025-12-29",0.62133,{"date":332,"score":170,"percentile":333},"2025-12-30",0.6215,{"date":335,"score":170,"percentile":336},"2025-12-31",0.62172,{"date":338,"score":170,"percentile":339},"2026-01-01",0.62357,{"date":341,"score":170,"percentile":342},"2026-01-02",0.62343,{"date":344,"score":170,"percentile":345},"2026-01-03",0.62341,{"date":347,"score":170,"percentile":348},"2026-01-04",0.62163,{"date":350,"score":170,"percentile":351},"2026-01-05",0.62153,{"date":353,"score":170,"percentile":318},"2026-01-06",{"date":355,"score":170,"percentile":356},"2026-01-07",0.62182,{"date":358,"score":170,"percentile":359},"2026-01-08",0.62205,{"date":361,"score":170,"percentile":362},"2026-01-09",0.62208,{"date":364,"score":170,"percentile":365},"2026-01-10",0.62201,{"date":367,"score":170,"percentile":368},"2026-01-11",0.62186,{"date":370,"score":170,"percentile":371},"2026-01-12",0.62165,{"date":373,"score":170,"percentile":374},"2026-01-13",0.62143,{"date":376,"score":170,"percentile":377},"2026-01-14",0.62185,{"date":379,"score":170,"percentile":377},"2026-01-15",{"date":381,"score":170,"percentile":382},"2026-01-16",0.62204,{"date":384,"score":170,"percentile":385},"2026-01-17",0.62198,{"date":387,"score":170,"percentile":388},"2026-01-18",0.62195,{"date":390,"score":170,"percentile":391},"2026-01-19",0.62178,{"date":393,"score":170,"percentile":394},"2026-01-20",0.62193,{"date":396,"score":170,"percentile":397},"2026-01-21",0.62194,{"date":399,"score":170,"percentile":385},"2026-01-22",{"date":401,"score":170,"percentile":402},"2026-01-23",0.62233,{"date":404,"score":81,"percentile":405},"2026-01-24",0.7683,{"date":407,"score":81,"percentile":408},"2026-01-25",0.7682,{"date":410,"score":81,"percentile":408},"2026-01-26",{"date":412,"score":81,"percentile":408},"2026-01-27",{"date":414,"score":81,"percentile":415},"2026-01-28",0.76829,{"date":417,"score":81,"percentile":418},"2026-01-29",0.76822,{"date":420,"score":81,"percentile":421},"2026-01-30",0.76827,{"date":423,"score":81,"percentile":424},"2026-01-31",0.76824,{"date":426,"score":81,"percentile":427},"2026-02-01",0.76939,[429,436,444],{"source":91,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":431,"baseSeverity":432,"vectorString":433,"impactScore":434,"exploitabilityScore":435},7.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",7.8,4.6,{"source":85,"cvss_v2_0":437,"cvss_v3_0":9,"cvss_v3_1":442,"cvss_v4_0":9},{"baseScore":438,"baseSeverity":9,"vectorString":439,"impactScore":440,"exploitabilityScore":441},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":83,"baseSeverity":432,"vectorString":86,"impactScore":443,"exploitabilityScore":441},6,{"source":102,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":445,"cvss_v4_0":446},{"baseScore":431,"baseSeverity":9,"vectorString":433,"impactScore":434,"exploitabilityScore":435},{"baseScore":447,"baseSeverity":9,"vectorString":448,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",[450,461,469,477,484,490,502],{"ecosystem":9,"name":451,"vendor":452,"product":451,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":454},"waitress","agendaless","a",[455],{"version":456,"is_range":457,"range_type":458,"version_start":9,"version_start_type":9,"version_end":459,"version_end_type":460,"fixed_in":9},"lte1.3.1",true,"cpe","1.3.1","including",{"ecosystem":9,"name":462,"vendor":463,"product":464,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":466},"debian linux","debian","debian_linux","o",[467],{"version":468,"is_range":35,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":470,"vendor":471,"product":470,"cpe_part":465,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":472},"fedora","fedoraproject",[473,475],{"version":474,"is_range":35,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":476,"is_range":35,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":9,"name":478,"vendor":479,"product":480,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"communications cloud native core network function cloud native environment","oracle","communications_cloud_native_core_network_function_cloud_native_environment",[482],{"version":483,"is_range":35,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.10.0",{"ecosystem":9,"name":30,"vendor":485,"product":451,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":486},"pylons",[487],{"version":488,"is_range":457,"range_type":91,"version_start":489,"version_start_type":460,"version_end":459,"version_end_type":460,"fixed_in":9},">= \u003C= 1.3.1, \u003C= 1.3.1","\u003C= 1.3.1",{"ecosystem":491,"name":451,"vendor":491,"product":451,"cpe_part":9,"purl_type":492,"purl_namespace":9,"purl_name":451,"source":9,"versions":493},"PyPI","pypi",[494,499],{"version":495,"is_range":457,"range_type":496,"version_start":9,"version_start_type":9,"version_end":497,"version_end_type":498,"fixed_in":9},"lt8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba","ecosystem","8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba","excluding",{"version":500,"is_range":457,"range_type":496,"version_start":9,"version_start_type":9,"version_end":501,"version_end_type":498,"fixed_in":9},"lt1_4_0","1.4.0",{"ecosystem":9,"name":503,"vendor":504,"product":503,"cpe_part":453,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":505},"openstack","redhat",[506],{"version":507,"is_range":35,"range_type":458,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15"]