[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2022-0182":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":20,"modified_at":21,"state":9,"summary":22,"references_raw":24,"kevs":40,"epss":9,"epss_history":41,"metrics":42,"affected":43},"MGASA-2022-0182","Updated python-waitress packages fix security vulnerability\n\nWhen using Waitress versions 2.1.0 and prior behind a proxy that does not\nproperly validate the incoming HTTP request matches the RFC7230 standard,\nWaitress and the frontend proxy may disagree on where one request starts\nand where it ends. This would allow requests to be smuggled via the\nfront-end proxy to waitress and later behavior. There are two classes of\nvulnerability that may lead to request smuggling that are addressed by\nthis advisory: The use of Python’s `int()` to parse strings into integers,\nleading to `+10` to be parsed as `10`, or `0x01` to be parsed as `1`,\nwhere as the standard specifies that the string should contain only digits\nor hex digits; and Waitress does not support chunk extensions, however it\nwas discarding them without validating that they did not contain illegal\ncharacters. This vulnerability has been patched in Waitress 2.1.1\n",null,[],[],[],[14],{"_key":15},"CVE-2022-24761",[],[],[19],{"_key":15},"2022-05-15T10:06:40Z","2026-04-16T04:23:48.245811Z",{"cisa_kev":23,"cisa_ransomware":23,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[25,31,36],{"url":26,"sources":27,"tags":29},"https://advisories.mageia.org/MGASA-2022-0182.html",[28],"osv_mageia",[30],"Advisory",{"url":32,"sources":33,"tags":34},"https://bugs.mageia.org/show_bug.cgi?id=30248",[28],[35],"REPORT",{"url":37,"sources":38,"tags":39},"https://ubuntu.com/security/notices/USN-5364-1",[28],[35,30],[],[],[],[44],{"ecosystem":45,"name":46,"vendor":47,"product":46,"cpe_part":9,"purl_type":48,"purl_namespace":47,"purl_name":46,"source":9,"versions":49},"Mageia","python-waitress","mageia","rpm",[50],{"version":51,"is_range":52,"range_type":53,"version_start":9,"version_start_type":9,"version_end":54,"version_end_type":55,"fixed_in":9},"lt2_1_1_1_mga8",true,"ecosystem","2.1.1-1.mga8","excluding"]