Waitress Security Update Advisory (CVE-2024-49768)
Overview
An update has been released to address a vulnerability in Waitress, the pure-Python WSGI server. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-49768
- Waitress versions: 2.0.0 (inclusive) to 3.0.1 (excluded), i.e. 2.0.0 through 3.0.0
Resolved Vulnerabilities
A race condition in the Waitress server, reachable only when the request lookahead feature is enabled: when the first of two pipelined requests fails (for example, it cannot be parsed), Waitress may begin servicing the second, already-queued request while the main thread is sending the error response and closing the connection, instead of closing the connection without processing anything further as intended (CVE-2024-49768). Request lookahead is off by default (Waitress server option channel_request_lookahead, default 0), so deployments that have not enabled it are not exposed; disabling it is the workaround where upgrading is not yet possible.
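The two conditions above, an affected release and request lookahead enabled, can be checked mechanically. The following is an added example (not Waitress project code and not part of the original advisory): it parses a Waitress version string, tests it against the range given in this advisory, combines that with the channel_request_lookahead setting to decide whether a deployment is exposed, and rewrites the keyword arguments passed to waitress.serve() so that lookahead is forced off on an affected release. The option name channel_request_lookahead comes from Waitress's own documentation; it is not named on this page. The version strings in the usage section are constructed sample inputs.

```python
"""Exposure check for CVE-2024-49768 (added example, not Waitress project code).

Per the advisory, two conditions must both hold for the race to be reachable:
  1. a Waitress release in the range [2.0.0, 3.0.1), and
  2. the request-lookahead feature enabled.
Waitress exposes that feature as the ``channel_request_lookahead`` server
option (number of requests to read ahead; 0 disables it and is the default).
That option name comes from Waitress's documentation, not from this advisory.
"""
from __future__ import annotations

import re

AFFECTED_MIN = (2, 0, 0)   # first affected release (inclusive)
FIXED = (3, 0, 1)          # first fixed release (excluded from the range)


def parse_version(version: str) -> tuple[int, int, int]:
    """Turn a release string such as '3.0.0' or '2.1' into a comparable tuple.

    Only the numeric major.minor.patch prefix is used; a missing patch
    component is treated as 0 and any trailing suffix is ignored.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = m.group(1), m.group(2), m.group(3) or "0"
    return (int(major), int(minor), int(patch))


def version_affected(version: str) -> bool:
    """True if this Waitress release falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(version) < FIXED


def exposed(version: str, channel_request_lookahead: int = 0) -> bool:
    """True only when both advisory conditions hold.

    An affected release that keeps lookahead disabled (0, the default) is not
    exposed to this particular race; that is why disabling the option is the
    documented workaround when upgrading is not immediately possible.
    """
    return version_affected(version) and channel_request_lookahead > 0


def harden_server_kwargs(version: str, **server_kwargs) -> dict:
    """Return keyword arguments for waitress.serve() with the race closed off.

    On an affected release, force channel_request_lookahead back to 0 (its
    default); on a fixed release, leave the caller's configuration untouched.
    """
    kwargs = dict(server_kwargs)
    if version_affected(version) and kwargs.get("channel_request_lookahead", 0) > 0:
        kwargs["channel_request_lookahead"] = 0
    return kwargs


def installed_waitress_version() -> str | None:
    """Return the installed Waitress version string, or None if it is absent."""
    try:
        from importlib.metadata import version
        return version("waitress")
    except Exception:
        return None


if __name__ == "__main__":
    # Constructed sample inputs illustrating each branch of the check.
    for ver, lookahead in [("2.0.0", 0), ("3.0.0", 3), ("3.0.1", 3)]:
        print(f"waitress {ver}, lookahead={lookahead}: "
              f"affected={version_affected(ver)} exposed={exposed(ver, lookahead)}")
    # Report on the actual installed package, if any.
    found = installed_waitress_version()
    if found is None:
        print("waitress is not installed in this environment")
    else:
        print(f"installed waitress {found}: affected={version_affected(found)}")
```

In a deployment script, pass the result of harden_server_kwargs() straight to waitress.serve(app, **kwargs); on 3.0.1 and later the function is a no-op, so the guard can stay in place across the upgrade.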
Vulnerability Patches
The fix is included in the latest release. Please follow the instructions on the Reference Sites below to update to the patched version.
CVE-2024-49768
- Waitress version: 3.0.1 or later
Reference Sites
[1] CVE-2024-49768 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-49768
[2] Request processing race condition in HTTP pipelining with invalid first request
https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj