[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-16786":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":57,"related":58,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":79,"kevs":156,"epss":157,"epss_history":160,"metrics":421,"affected":442},"CVE-2019-16786","Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value; if that value was not chunked, it would fall through and use the Content-Length header instead. According to the HTTP standard, Transfer-Encoding should be a comma-separated list, with the inner-most encoding first, followed by any further transfer codings, ending with chunked. For requests sent with \"Transfer-Encoding: gzip, chunked\", the Transfer-Encoding header would incorrectly be ignored, and Waitress would use the Content-Length header instead to determine the body size of the HTTP message. This could allow Waitress to treat a single request as multiple requests in the case of HTTP pipelining (an HTTP request smuggling condition, CWE-444). 
This issue is fixed in Waitress 1.4.0.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29,30],"GHSA-g2xc-35jw-c63p","PYSEC-2019-137",[],[33,35,37,39,41,43,45,47,49,51,53,55],{"_key":34},"UBUNTU-CVE-2019-16786",{"_key":36},"SUSE-RU-2020:2072-1",{"_key":38},"SUSE-RU-2020:2161-1",{"_key":40},"SUSE-SU-2020:1901-1",{"_key":42},"SUSE-SU-2020:3269-1",{"_key":44},"SUSE-SU-2020:3292-1",{"_key":46},"OPENSUSE-SU-2020:1911-1",{"_key":48},"OPENSUSE-SU-2020:1922-1",{"_key":50},"RHSA-2020:0720",{"_key":52},"DLA-3000-1",{"_key":54},"MGASA-2020-0083",{"_key":56},"DEBIAN-CVE-2019-16786",[],[59,60,61,62,63,64,65,66],{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":54},"2019-12-20T23:00:20.000Z","2024-08-05T01:24:48.017Z","Modified",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":69},false,"low",0.00795,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[80,87,91,100,106,111,116,121,127,131,136,140,144,148,152],{"url":81,"sources":82,"tags":84},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.
org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[83,77],"cve.org",[85,86],"Vendor Advisory","X Refsource FEDORA",{"url":88,"sources":89,"tags":90},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[83,77],[85,86],{"url":92,"sources":93,"tags":95},"https://access.redhat.com/errata/RHSA-2020:0720",[83,77,94],"osv_pypi",[85,96,97,98,99],"X Refsource REDHAT","Third Party Advisory","WEB","Advisory",{"url":101,"sources":102,"tags":103},"https://www.oracle.com/security-alerts/cpuapr2022.html",[83,77,94],[104,105,97,98],"X Refsource MISC","Patch",{"url":107,"sources":108,"tags":109},"https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes",[83,77,94],[104,110,85,98],"Release Notes",{"url":112,"sources":113,"tags":114},"https://github.com/Pylons/waitress/security/advisories/GHSA-g2xc-35jw-c63p",[83,77,94],[115,97,98,99],"X Refsource CONFIRM",{"url":117,"sources":118,"tags":119},"https://github.com/Pylons/waitress/commit/f11093a6b3240fc26830b6111e826128af7771c3",[83,77,94],[104,105,97,98,120],"FIX",{"url":122,"sources":123,"tags":124},"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html",[83,77,94],[125,126,97,98],"Mailing List","X Refsource 
MLIST",{"url":128,"sources":129,"tags":130},"https://nvd.nist.gov/vuln/detail/CVE-2019-16786",[94],[99],{"url":132,"sources":133,"tags":134},"https://github.com/Pylons/waitress",[94],[135],"PACKAGE",{"url":137,"sources":138,"tags":139},"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-137.yaml",[94],[98],{"url":141,"sources":142,"tags":143},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7",[94],[98],{"url":145,"sources":146,"tags":147},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5",[94],[98],{"url":149,"sources":150,"tags":151},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[94],[98],{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[94],[98],[],{"date":158,"score":73,"percentile":159},"2026-06-04",0.74318,[161,165,168,171,174,177,180,183,186,189,192,195,198,201,203,207,210,213,216,219,222,225,227,230,232,235,237,240,243,246,249,251,254,257,260,262,265,268,271,274,277,280,283,286,288,291,294,297,300,303,306,309,312,315,318,321,323,326,329,332,335,337,340,343,346,349,352,355,358,360,363,366,369,372,375,378,381,384,386,388,391,394,398,401,404,407,410,413,416,418],{"date":162,"score":163,"percentile":164},"2025-11-04",0.00516,0.65793,{"date":166,"score":163,"percentile":167},"2025-11-05",0.65772,{"date":169,"score":163,"percentile":170},"2025-11-06",0.65769,{"date":172,"score":163,"percentile":173},"2025-11-07",0.6578,{"date":175,"score":163,"percentile":176},"2025-11-08",0.65779,{"date":178,"score":163,"percentile":179},"2025-11-09",0.65768,{"date":181,"score":163,"percentile":182},"2025-11-10",0.65758,{"date":184,"score":163,"percentile":185},"2025-11-11",0.65766,{"date":187,"scor
e":163,"percentile":188},"2025-11-12",0.65788,{"date":190,"score":163,"percentile":191},"2025-11-13",0.65798,{"date":193,"score":163,"percentile":194},"2025-11-14",0.65806,{"date":196,"score":163,"percentile":197},"2025-11-15",0.65803,{"date":199,"score":163,"percentile":200},"2025-11-16",0.65797,{"date":202,"score":163,"percentile":200},"2025-11-17",{"date":204,"score":205,"percentile":206},"2025-11-18",0.00736,0.7058,{"date":208,"score":205,"percentile":209},"2025-11-19",0.70588,{"date":211,"score":205,"percentile":212},"2025-11-20",0.70597,{"date":214,"score":163,"percentile":215},"2025-11-21",0.65811,{"date":217,"score":163,"percentile":218},"2025-11-22",0.65818,{"date":220,"score":163,"percentile":221},"2025-11-23",0.65804,{"date":223,"score":163,"percentile":224},"2025-11-24",0.6579,{"date":226,"score":163,"percentile":164},"2025-11-25",{"date":228,"score":163,"percentile":229},"2025-11-26",0.65799,{"date":231,"score":163,"percentile":221},"2025-11-27",{"date":233,"score":163,"percentile":234},"2025-11-28",0.65789,{"date":236,"score":163,"percentile":170},"2025-11-29",{"date":238,"score":163,"percentile":239},"2025-11-30",0.65765,{"date":241,"score":163,"percentile":242},"2025-12-01",0.65923,{"date":244,"score":163,"percentile":245},"2025-12-02",0.6594,{"date":247,"score":163,"percentile":248},"2025-12-03",0.65937,{"date":250,"score":163,"percentile":179},"2025-12-04",{"date":252,"score":163,"percentile":253},"2025-12-05",0.65782,{"date":255,"score":163,"percentile":256},"2025-12-06",0.65787,{"date":258,"score":163,"percentile":259},"2025-12-07",0.65783,{"date":261,"score":163,"percentile":188},"2025-12-08",{"date":263,"score":163,"percentile":264},"2025-12-09",0.65817,{"date":266,"score":163,"percentile":267},"2025-12-10",0.65866,{"date":269,"score":163,"percentile":270},"2025-12-11",0.65886,{"date":272,"score":163,"percentile":273},"2025-12-12",0.6591,{"date":275,"score":163,"percentile":276},"2025-12-13",0.65917,{"date":278,"score":163,"percentile":279},"20
25-12-14",0.65918,{"date":281,"score":163,"percentile":282},"2025-12-15",0.65913,{"date":284,"score":163,"percentile":285},"2025-12-16",0.65922,{"date":287,"score":163,"percentile":248},"2025-12-17",{"date":289,"score":163,"percentile":290},"2025-12-18",0.65975,{"date":292,"score":163,"percentile":293},"2025-12-19",0.65989,{"date":295,"score":163,"percentile":296},"2025-12-20",0.65987,{"date":298,"score":163,"percentile":299},"2025-12-21",0.65978,{"date":301,"score":163,"percentile":302},"2025-12-22",0.65976,{"date":304,"score":163,"percentile":305},"2025-12-23",0.65972,{"date":307,"score":163,"percentile":308},"2025-12-24",0.65983,{"date":310,"score":163,"percentile":311},"2025-12-25",0.66015,{"date":313,"score":163,"percentile":314},"2025-12-26",0.66012,{"date":316,"score":163,"percentile":317},"2025-12-27",0.66063,{"date":319,"score":163,"percentile":320},"2025-12-28",0.65986,{"date":322,"score":163,"percentile":302},"2025-12-29",{"date":324,"score":163,"percentile":325},"2025-12-30",0.65994,{"date":327,"score":163,"percentile":328},"2025-12-31",0.66016,{"date":330,"score":163,"percentile":331},"2026-01-01",0.66192,{"date":333,"score":163,"percentile":334},"2026-01-02",0.66176,{"date":336,"score":163,"percentile":334},"2026-01-03",{"date":338,"score":163,"percentile":339},"2026-01-04",0.66008,{"date":341,"score":163,"percentile":342},"2026-01-05",0.65993,{"date":344,"score":163,"percentile":345},"2026-01-06",0.66003,{"date":347,"score":163,"percentile":348},"2026-01-07",0.66024,{"date":350,"score":163,"percentile":351},"2026-01-08",0.66037,{"date":353,"score":163,"percentile":354},"2026-01-09",0.66046,{"date":356,"score":163,"percentile":357},"2026-01-10",0.66047,{"date":359,"score":163,"percentile":351},"2026-01-11",{"date":361,"score":163,"percentile":362},"2026-01-12",0.66026,{"date":364,"score":163,"percentile":365},"2026-01-13",0.66023,{"date":367,"score":163,"percentile":368},"2026-01-14",0.66058,{"date":370,"score":163,"percentile":371},"2026-01-15",0.6606
,{"date":373,"score":163,"percentile":374},"2026-01-16",0.66078,{"date":376,"score":163,"percentile":377},"2026-01-17",0.66068,{"date":379,"score":163,"percentile":380},"2026-01-18",0.66051,{"date":382,"score":163,"percentile":383},"2026-01-19",0.66038,{"date":385,"score":163,"percentile":380},"2026-01-20",{"date":387,"score":163,"percentile":317},"2026-01-21",{"date":389,"score":163,"percentile":390},"2026-01-22",0.66073,{"date":392,"score":163,"percentile":393},"2026-01-23",0.66104,{"date":395,"score":396,"percentile":397},"2026-01-24",0.00898,0.75196,{"date":399,"score":396,"percentile":400},"2026-01-25",0.75182,{"date":402,"score":396,"percentile":403},"2026-01-26",0.75181,{"date":405,"score":396,"percentile":406},"2026-01-27",0.7519,{"date":408,"score":396,"percentile":409},"2026-01-28",0.75197,{"date":411,"score":396,"percentile":412},"2026-01-29",0.75193,{"date":414,"score":396,"percentile":415},"2026-01-30",0.75195,{"date":417,"score":396,"percentile":409},"2026-01-31",{"date":419,"score":396,"percentile":420},"2026-02-01",0.75316,[422,429,437],{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":424,"baseSeverity":425,"vectorString":426,"impactScore":427,"exploitabilityScore":428},7.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",7.8,4.6,{"source":77,"cvss_v2_0":430,"cvss_v3_0":9,"cvss_v3_1":435,"cvss_v4_0":9},{"baseScore":431,"baseSeverity":9,"vectorString":432,"impactScore":433,"exploitabilityScore":434},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":75,"baseSeverity":425,"vectorString":78,"impactScore":436,"exploitabilityScore":434},6,{"source":94,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":438,"cvss_v4_0":439},{"baseScore":424,"baseSeverity":9,"vectorString":426,"impactScore":427,"exploitabilityScore":428},{"baseScore":440,"baseSeverity":9,"vectorString":441,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:L/SA:N",[443,454,462,470,477,485,498],{"ecosystem":9,"n
ame":444,"vendor":445,"product":444,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"waitress","agendaless","a",[448],{"version":449,"is_range":450,"range_type":451,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"lt1.3.1",true,"cpe","1.3.1","excluding",{"ecosystem":9,"name":455,"vendor":456,"product":457,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":459},"debian linux","debian","debian_linux","o",[460],{"version":461,"is_range":71,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":463,"vendor":464,"product":463,"cpe_part":458,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":465},"fedora","fedoraproject",[466,468],{"version":467,"is_range":71,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":469,"is_range":71,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"communications cloud native core network function cloud native environment","oracle","communications_cloud_native_core_network_function_cloud_native_environment",[475],{"version":476,"is_range":71,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.10.0",{"ecosystem":9,"name":478,"vendor":479,"product":444,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":480},"Waitress","pylons",[481],{"version":482,"is_range":450,"range_type":83,"version_start":483,"version_start_type":484,"version_end":452,"version_end_type":484,"fixed_in":9},">= \u003C= 1.3.1, \u003C= 1.3.1","\u003C= 
1.3.1","including",{"ecosystem":486,"name":444,"vendor":486,"product":444,"cpe_part":9,"purl_type":487,"purl_namespace":9,"purl_name":444,"source":9,"versions":488},"PyPI","pypi",[489,493,495],{"version":490,"is_range":450,"range_type":491,"version_start":9,"version_start_type":9,"version_end":492,"version_end_type":453,"fixed_in":9},"ltf11093a6b3240fc26830b6111e826128af7771c3","ecosystem","f11093a6b3240fc26830b6111e826128af7771c3",{"version":494,"is_range":450,"range_type":491,"version_start":9,"version_start_type":9,"version_end":452,"version_end_type":453,"fixed_in":9},"lt1_3_1",{"version":496,"is_range":450,"range_type":491,"version_start":9,"version_start_type":9,"version_end":497,"version_end_type":453,"fixed_in":9},"lt1_4_0","1.4.0",{"ecosystem":9,"name":499,"vendor":500,"product":499,"cpe_part":446,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":501},"openstack","redhat",[502],{"version":503,"is_range":71,"range_type":451,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15"]