[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-16789":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":31,"downstream":32,"duplicates":59,"related":60,"reserved_at":9,"published_at":69,"modified_at":70,"state":71,"summary":72,"references_raw":81,"kevs":171,"epss":172,"epss_history":175,"metrics":438,"affected":458},"CVE-2019-16789","In Waitress through version 1.4.0, if a proxy server is used in front of Waitress, an attacker may send an invalid request that bypasses the front-end and is parsed differently by Waitress, leading to a potential for HTTP request smuggling. Specially crafted requests containing special whitespace characters in the Transfer-Encoding header would be parsed by Waitress as chunked requests, but a front-end server would use the Content-Length instead, because it considers the Transfer-Encoding header invalid due to the invalid characters it contains. If a front-end server does HTTP pipelining to a backend Waitress server, this could lead to HTTP request splitting, which may lead to cache poisoning or unexpected information disclosure. 
This issue is fixed in Waitress 1.4.1 through more strict HTTP field validation.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29,30],"GHSA-968f-66r5-5v74","PYSEC-2019-138",[],[33,35,37,39,41,43,45,47,49,51,53,55,57],{"_key":34},"UBUNTU-CVE-2019-16789",{"_key":36},"SUSE-RU-2020:2072-1",{"_key":38},"SUSE-RU-2020:2161-1",{"_key":40},"SUSE-SU-2020:1901-1",{"_key":42},"SUSE-SU-2020:3269-1",{"_key":44},"SUSE-SU-2020:3292-1",{"_key":46},"OPENSUSE-SU-2020:1911-1",{"_key":48},"OPENSUSE-SU-2020:1922-1",{"_key":50},"RHSA-2020:0720",{"_key":52},"DLA-2056-1",{"_key":54},"DLA-3000-1",{"_key":56},"MGASA-2020-0083",{"_key":58},"DEBIAN-CVE-2019-16789",[],[61,62,63,64,65,66,67,68],{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},{"_key":56},"2019-12-26T16:40:12.000Z","2024-08-05T01:24:48.331Z","Modified",{"cisa_kev":73,"cisa_ransomware":73,"cisa_vendor":9,"epss_severity":74,"epss_score":75,"severity":76,"severity_score":77,"severity_version":78,"severity_source":79,"severity_vector":80,"severity_status":71},false,"low",0.00882,"high",8.2,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",[82,89,93,102,108,113,119,124,130,134,138,142,147,151,155,159,163,167],{"url":83,"sources":84,"tags":86},"htt
ps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[85,79],"cve.org",[87,88],"Vendor Advisory","X Refsource FEDORA",{"url":90,"sources":91,"tags":92},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[85,79],[87,88],{"url":94,"sources":95,"tags":97},"https://access.redhat.com/errata/RHSA-2020:0720",[85,79,96],"osv_pypi",[87,98,99,100,101],"X Refsource REDHAT","Third Party Advisory","WEB","Advisory",{"url":103,"sources":104,"tags":105},"https://www.oracle.com/security-alerts/cpuapr2022.html",[85,79,96],[106,107,99,100],"X Refsource MISC","Patch",{"url":109,"sources":110,"tags":111},"https://docs.pylonsproject.org/projects/waitress/en/latest/#security-fixes",[85,79,96],[106,112,87,100],"Release Notes",{"url":114,"sources":115,"tags":116},"https://github.com/github/advisory-review/pull/14604",[85,79,96],[117,118,99,100,101],"X Refsource CONFIRM","Broken Link",{"url":120,"sources":121,"tags":122},"https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017",[85,79,96],[106,107,99,100,123],"FIX",{"url":125,"sources":126,"tags":127},"https://lists.debian.org/debian-lts-announce/2022/05/msg00011.html",[85,79,96],[128,129,99,100],"Mailing List","X Refsource 
MLIST",{"url":131,"sources":132,"tags":133},"https://github.com/Pylons/waitress/security/advisories/GHSA-968f-66r5-5v74",[96],[100],{"url":135,"sources":136,"tags":137},"https://nvd.nist.gov/vuln/detail/CVE-2019-16789",[96],[101],{"url":139,"sources":140,"tags":141},"https://github.com/Pylons/waitress/commit/ddb65b489d01d696afa1695b75fdd5df3e4ffdf8",[96],[100],{"url":143,"sources":144,"tags":145},"https://github.com/Pylons/waitress",[96],[146],"PACKAGE",{"url":148,"sources":149,"tags":150},"https://github.com/advisories/GHSA-968f-66r5-5v74",[96],[101],{"url":152,"sources":153,"tags":154},"https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2019-138.yaml",[96],[100],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7",[96],[100],{"url":160,"sources":161,"tags":162},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5",[96],[100],{"url":164,"sources":165,"tags":166},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GVDHR2DNKCNQ7YQXISJ45NT4IQDX3LJ7/",[96],[100],{"url":168,"sources":169,"tags":170},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYEOTGWJZVKPRXX2HBNVIYWCX73QYPM5/",[96],[100],[],{"date":173,"score":75,"percentile":174},"2026-06-04",0.75746,[176,180,183,185,188,191,194,197,200,203,206,209,212,215,218,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,317,320,323,325,328,331,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,376,378,381,384,387,390,393,396,399,402,405,407,410,413,416,419,422,425,427,430,433,435],{"date":177,"score":178,"percentile":179},"2025-11-04",0.00603,0.68663,{"date":181,"score":178,"percentile":182},"2025-11-05",0.68645,{"date":184,"score":178,"perce
ntile":182},"2025-11-06",{"date":186,"score":178,"percentile":187},"2025-11-07",0.68658,{"date":189,"score":178,"percentile":190},"2025-11-08",0.68659,{"date":192,"score":178,"percentile":193},"2025-11-09",0.6865,{"date":195,"score":178,"percentile":196},"2025-11-10",0.6864,{"date":198,"score":178,"percentile":199},"2025-11-11",0.68649,{"date":201,"score":178,"percentile":202},"2025-11-12",0.68673,{"date":204,"score":178,"percentile":205},"2025-11-13",0.6868,{"date":207,"score":178,"percentile":208},"2025-11-14",0.68688,{"date":210,"score":178,"percentile":211},"2025-11-15",0.68684,{"date":213,"score":178,"percentile":214},"2025-11-16",0.68681,{"date":216,"score":178,"percentile":217},"2025-11-17",0.68679,{"date":219,"score":220,"percentile":221},"2025-11-18",0.01181,0.76945,{"date":223,"score":220,"percentile":224},"2025-11-19",0.76951,{"date":226,"score":220,"percentile":227},"2025-11-20",0.76961,{"date":229,"score":178,"percentile":230},"2025-11-21",0.68695,{"date":232,"score":178,"percentile":233},"2025-11-22",0.68694,{"date":235,"score":178,"percentile":236},"2025-11-23",0.68686,{"date":238,"score":178,"percentile":239},"2025-11-24",0.68674,{"date":241,"score":178,"percentile":242},"2025-11-25",0.68682,{"date":244,"score":178,"percentile":245},"2025-11-26",0.68689,{"date":247,"score":178,"percentile":248},"2025-11-27",0.6869,{"date":250,"score":178,"percentile":251},"2025-11-28",0.68677,{"date":253,"score":178,"percentile":254},"2025-11-29",0.68661,{"date":256,"score":178,"percentile":257},"2025-11-30",0.68656,{"date":259,"score":178,"percentile":260},"2025-12-01",0.68809,{"date":262,"score":178,"percentile":263},"2025-12-02",0.68817,{"date":265,"score":178,"percentile":266},"2025-12-03",0.68813,{"date":268,"score":178,"percentile":269},"2025-12-04",0.68651,{"date":271,"score":178,"percentile":272},"2025-12-05",0.68667,{"date":274,"score":178,"percentile":275},"2025-12-06",0.68672,{"date":277,"score":178,"percentile":278},"2025-12-07",0.68666,{"date":280,"score
":178,"percentile":281},"2025-12-08",0.68671,{"date":283,"score":178,"percentile":284},"2025-12-09",0.687,{"date":286,"score":178,"percentile":287},"2025-12-10",0.68743,{"date":289,"score":178,"percentile":290},"2025-12-11",0.68762,{"date":292,"score":178,"percentile":293},"2025-12-12",0.6879,{"date":295,"score":178,"percentile":296},"2025-12-13",0.68791,{"date":298,"score":178,"percentile":299},"2025-12-14",0.68795,{"date":301,"score":178,"percentile":302},"2025-12-15",0.68792,{"date":304,"score":178,"percentile":305},"2025-12-16",0.68799,{"date":307,"score":178,"percentile":308},"2025-12-17",0.68812,{"date":310,"score":178,"percentile":311},"2025-12-18",0.68842,{"date":313,"score":178,"percentile":314},"2025-12-19",0.6886,{"date":316,"score":178,"percentile":314},"2025-12-20",{"date":318,"score":178,"percentile":319},"2025-12-21",0.68845,{"date":321,"score":178,"percentile":322},"2025-12-22",0.68847,{"date":324,"score":178,"percentile":322},"2025-12-23",{"date":326,"score":178,"percentile":327},"2025-12-24",0.68854,{"date":329,"score":178,"percentile":330},"2025-12-25",0.68882,{"date":332,"score":178,"percentile":330},"2025-12-26",{"date":334,"score":178,"percentile":335},"2025-12-27",0.68925,{"date":337,"score":178,"percentile":338},"2025-12-28",0.68855,{"date":340,"score":178,"percentile":341},"2025-12-29",0.68848,{"date":343,"score":178,"percentile":344},"2025-12-30",0.68862,{"date":346,"score":178,"percentile":347},"2025-12-31",0.68878,{"date":349,"score":178,"percentile":350},"2026-01-01",0.69052,{"date":352,"score":178,"percentile":353},"2026-01-02",0.69041,{"date":355,"score":178,"percentile":356},"2026-01-03",0.6904,{"date":358,"score":178,"percentile":359},"2026-01-04",0.68881,{"date":361,"score":178,"percentile":362},"2026-01-05",0.6887,{"date":364,"score":178,"percentile":359},"2026-01-06",{"date":366,"score":178,"percentile":367},"2026-01-07",0.68898,{"date":369,"score":178,"percentile":370},"2026-01-08",0.68915,{"date":372,"score":178,"percentile":373
},"2026-01-09",0.68923,{"date":375,"score":178,"percentile":373},"2026-01-10",{"date":377,"score":178,"percentile":370},"2026-01-11",{"date":379,"score":178,"percentile":380},"2026-01-12",0.68907,{"date":382,"score":178,"percentile":383},"2026-01-13",0.68905,{"date":385,"score":178,"percentile":386},"2026-01-14",0.68937,{"date":388,"score":178,"percentile":389},"2026-01-15",0.68942,{"date":391,"score":178,"percentile":392},"2026-01-16",0.68958,{"date":394,"score":178,"percentile":395},"2026-01-17",0.68948,{"date":397,"score":178,"percentile":398},"2026-01-18",0.68935,{"date":400,"score":178,"percentile":401},"2026-01-19",0.68927,{"date":403,"score":178,"percentile":404},"2026-01-20",0.68939,{"date":406,"score":178,"percentile":395},"2026-01-21",{"date":408,"score":178,"percentile":409},"2026-01-22",0.68959,{"date":411,"score":178,"percentile":412},"2026-01-23",0.68988,{"date":414,"score":75,"percentile":415},"2026-01-24",0.74938,{"date":417,"score":75,"percentile":418},"2026-01-25",0.74923,{"date":420,"score":75,"percentile":421},"2026-01-26",0.74922,{"date":423,"score":75,"percentile":424},"2026-01-27",0.74931,{"date":426,"score":75,"percentile":415},"2026-01-28",{"date":428,"score":75,"percentile":429},"2026-01-29",0.74934,{"date":431,"score":75,"percentile":432},"2026-01-30",0.74936,{"date":434,"score":75,"percentile":415},"2026-01-31",{"date":436,"score":75,"percentile":437},"2026-02-01",0.75057,[439,446,453],{"source":85,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":440,"cvss_v4_0":9},{"baseScore":441,"baseSeverity":442,"vectorString":443,"impactScore":444,"exploitabilityScore":445},7.1,"HIGH","CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:N",7.8,4.6,{"source":79,"cvss_v2_0":447,"cvss_v3_0":9,"cvss_v3_1":452,"cvss_v4_0":9},{"baseScore":448,"baseSeverity":9,"vectorString":449,"impactScore":450,"exploitabilityScore":451},6.4,"AV:N/AC:L/Au:N/C:P/I:P/A:N",4.9,10,{"baseScore":77,"baseSeverity":442,"vectorString":80,"impactScore":4,"exploitabilityScore":451},{"source":96,"cvs
s_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":454,"cvss_v4_0":455},{"baseScore":441,"baseSeverity":9,"vectorString":443,"impactScore":444,"exploitabilityScore":445},{"baseScore":456,"baseSeverity":9,"vectorString":457,"impactScore":9,"exploitabilityScore":9},5.1,"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:H/SA:N",[459,470,478,486,493,502,515],{"ecosystem":9,"name":460,"vendor":461,"product":460,"cpe_part":462,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":463},"waitress","agendaless","a",[464],{"version":465,"is_range":466,"range_type":467,"version_start":9,"version_start_type":9,"version_end":468,"version_end_type":469,"fixed_in":9},"lte1.4.0",true,"cpe","1.4.0","including",{"ecosystem":9,"name":471,"vendor":472,"product":473,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":475},"debian linux","debian","debian_linux","o",[476],{"version":477,"is_range":73,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":479,"vendor":480,"product":479,"cpe_part":474,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"fedora","fedoraproject",[482,484],{"version":483,"is_range":73,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"30",{"version":485,"is_range":73,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"31",{"ecosystem":9,"name":487,"vendor":488,"product":489,"cpe_part":462,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":490},"communications cloud native core network function cloud native 
environment","oracle","communications_cloud_native_core_network_function_cloud_native_environment",[491],{"version":492,"is_range":73,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"1.10.0",{"ecosystem":9,"name":494,"vendor":495,"product":460,"cpe_part":462,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":496},"Waitress","pylons",[497],{"version":498,"is_range":466,"range_type":85,"version_start":499,"version_start_type":469,"version_end":500,"version_end_type":501,"fixed_in":9},">= \u003C 1.4.1, \u003C 1.4.1","\u003C 1.4.1","1.4.1","excluding",{"ecosystem":503,"name":460,"vendor":503,"product":460,"cpe_part":9,"purl_type":504,"purl_namespace":9,"purl_name":460,"source":9,"versions":505},"PyPI","pypi",[506,510,513],{"version":507,"is_range":466,"range_type":508,"version_start":9,"version_start_type":9,"version_end":509,"version_end_type":501,"fixed_in":9},"lt1_4_2","ecosystem","1.4.2",{"version":511,"is_range":466,"range_type":508,"version_start":9,"version_start_type":9,"version_end":512,"version_end_type":501,"fixed_in":9},"lt11d9e138125ad46e951027184b13242a3c1de017","11d9e138125ad46e951027184b13242a3c1de017",{"version":514,"is_range":466,"range_type":508,"version_start":9,"version_start_type":9,"version_end":500,"version_end_type":501,"fixed_in":9},"lt1_4_1",{"ecosystem":9,"name":516,"vendor":517,"product":516,"cpe_part":462,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":518},"openstack","redhat",[519],{"version":520,"is_range":73,"range_type":467,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15"]