Common Weakness Enumeration

CWE-248

Allowed

Uncaught Exception

Abstraction: Base · Status: Draft

An exception is thrown from a function, but it is not caught.

420 vulnerabilities reference this CWE, most recent first.

GHSA-C97H-MP76-MJ2R

Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-11-03 21:33
VLAI
Details

Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20054"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T21:16:05Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception in the core management mechanism for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access.",
  "id": "GHSA-c97h-mp76-mj2r",
  "modified": "2025-11-03T21:33:54Z",
  "published": "2025-05-13T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20054"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01244.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00021.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-CF9C-6VVV-M2RC

Vulnerability from github – Published: 2025-04-07 06:30 – Updated: 2025-04-07 06:30
VLAI
Details

Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-58112"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-07T04:15:17Z",
    "severity": "HIGH"
  },
  "details": "Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework\nImpact: Successful exploitation of this vulnerability may affect availability.",
  "id": "GHSA-cf9c-6vvv-m2rc",
  "modified": "2025-04-07T06:30:27Z",
  "published": "2025-04-07T06:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58112"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2025/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CM8H-Q92V-XCFC

Vulnerability from github – Published: 2023-01-09 21:55 – Updated: 2023-01-10 16:15
VLAI
Summary
mercurius has Uncaught Exception when using subscriptions
Details

Impact

Any users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to /graphql.

Patches

This was patched in https://github.com/mercurius-js/mercurius/pull/940. The patch was released as v11.5.0 and v8.13.2.

Workarounds

Disable subscriptions.

References

Reported publicly as https://github.com/mercurius-js/mercurius/issues/939. The same problem was solved in https://github.com/fastify/fastify-websocket/pull/228

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "mercurius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.0.0"
            },
            {
              "fixed": "11.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "mercurius"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "8.13.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-22477"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-09T21:55:44Z",
    "nvd_published_at": "2023-01-09T15:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nAny users of Mercurius until version v11.5.0 are subjected to a denial of service attack by sending a malformed packet over WebSocket to `/graphql`.\n\n### Patches\n\nThis was patched in https://github.com/mercurius-js/mercurius/pull/940.\nThe patch was released as v11.5.0 and v8.13.2.\n\n### Workarounds\n\nDisable subscriptions.\n\n### References\n\nReported publicly as https://github.com/mercurius-js/mercurius/issues/939.\nThe same problem was solved in https://github.com/fastify/fastify-websocket/pull/228\n",
  "id": "GHSA-cm8h-q92v-xcfc",
  "modified": "2023-01-10T16:15:07Z",
  "published": "2023-01-09T21:55:44Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/mercurius-js/mercurius/security/advisories/GHSA-cm8h-q92v-xcfc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22477"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mercurius-js/mercurius/issues/939"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fastify/fastify-websocket/pull/228"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mercurius-js/mercurius/pull/940"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/mercurius-js/mercurius"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "mercurius has Uncaught Exception when using subscriptions"
}

GHSA-CP7V-2P64-673R

Vulnerability from github – Published: 2024-04-27 00:30 – Updated: 2024-09-27 18:32
VLAI
Details

Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-3051"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-345"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-26T22:15:08Z",
    "severity": "HIGH"
  },
  "details": "Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time.\u00a0",
  "id": "GHSA-cp7v-2p64-673r",
  "modified": "2024-09-27T18:32:21Z",
  "published": "2024-04-27T00:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3051"
    },
    {
      "type": "WEB",
      "url": "https://community.silabs.com/068Vm0000045w2j"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CP97-6MF7-2CVP

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22292"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-755"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:16Z",
    "severity": "HIGH"
  },
  "details": "Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-cp97-6mf7-2cvp",
  "modified": "2023-11-14T21:31:01Z",
  "published": "2023-11-14T21:31:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22292"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-CX8W-R23V-JMJV

Vulnerability from github – Published: 2024-10-29 18:30 – Updated: 2024-10-29 18:30
VLAI
Details

Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-26586"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-14T14:15:44Z",
    "severity": "MODERATE"
  },
  "details": "Uncaught exception for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.",
  "id": "GHSA-cx8w-r23v-jmjv",
  "modified": "2024-10-29T18:30:33Z",
  "published": "2024-10-29T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26586"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00947.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-F269-VFMQ-VJVJ

Vulnerability from github – Published: 2026-03-13 20:07 – Updated: 2026-03-13 20:07
VLAI
Summary
Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client
Details

Impact

A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.

Patches

Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.

Workarounds

There are no workarounds.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "undici"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "undici"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.0.0"
            },
            {
              "fixed": "7.24.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-1528"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-13T20:07:26Z",
    "nvd_published_at": "2026-03-12T21:16:25Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nA server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici\u0027s ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. \n\n### Patches\n\n\n Patched in the undici version v7.24.0 and v6.24.0. Users should upgrade to this version or later.\n\n### Workarounds\n\nThere are no workarounds.",
  "id": "GHSA-f269-vfmq-vjvj",
  "modified": "2026-03-13T20:07:26Z",
  "published": "2026-03-13T20:07:26Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/undici/security/advisories/GHSA-f269-vfmq-vjvj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1528"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3537648"
    },
    {
      "type": "WEB",
      "url": "https://cna.openjsf.org/security-advisories.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nodejs/undici"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client"
}

GHSA-F2JV-WJJC-2C94

Vulnerability from github – Published: 2026-04-22 18:31 – Updated: 2026-04-29 23:02
VLAI
Summary
uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths
Details

The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverges from GNU sort, which treats filenames as raw bytes. A local attacker can exploit this to crash the utility and disrupt automated pipelines.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "coreutils"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.8.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-35348"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T23:02:15Z",
    "nvd_published_at": "2026-04-22T17:16:37Z",
    "severity": "MODERATE"
  },
  "details": "The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and utilizes expect(), causing an immediate crash when encountering valid but non-UTF-8 paths. This diverges from GNU sort, which treats filenames as raw bytes. A local attacker can exploit this to crash the utility and disrupt automated pipelines.",
  "id": "GHSA-f2jv-wjjc-2c94",
  "modified": "2026-04-29T23:02:15Z",
  "published": "2026-04-22T18:31:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35348"
    },
    {
      "type": "WEB",
      "url": "https://github.com/uutils/coreutils/issues/9696"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/uutils/coreutils"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "uutils coreutils has an Uncaught Exception When Encountering Valid but Non-UTF-8 Paths"
}

GHSA-F5P7-9FR5-8JMJ

Vulnerability from github – Published: 2026-05-06 21:24 – Updated: 2026-05-13 16:41
VLAI
Summary
Granian vulnerable to DoS via WSGI response header panic
Details

Summary

Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap() on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error.

This issue requires a buggy or attacker-influenced WSGI application to emit invalid headers. It is not a parser bug in Granian's request path. The security impact is that application mistakes which should result in a 500 instead kill the worker process.

Details

https://github.com/emmett-framework/granian/blob/bdd5b0fbbb2aca6f2f4c0d2700c244d190958035/src/wsgi/io.rs#L39-L42

If either conversion fails, .unwrap() panics. In release builds Granian uses panic = "abort", so the panic terminates the worker.

Preconditions

The attacker must be able to influence a header name or value produced by the WSGI application, or the application must otherwise generate invalid headers.

Examples include:

  • a header name containing a space
  • a header value containing \r\n
  • a header value containing a null byte

These are realistic failure modes for applications that reflect user-controlled data into headers such as Location, Content Disposition, or custom response headers.

PoC

Step 1

start Granian with the PoC WSGI app

# app.py
def app(environ, start_response):
    path = environ.get("PATH_INFO", "/")
    if path == "/crash-name":
        headers = [("X Bad Name", "value")]
    elif path == "/crash-value":
        headers = [("Content-Type", "text/html\r\nX-Injected: evil")]
    elif path == "/crash-null":
        headers = [("X-Custom", "value\x00end")]
    else:
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"OK - server alive\n"]

    start_response("200 OK", headers)
    return [b"This response kills the worker\n"]

granian --interface wsgi app:app --host 127.0.0.1 --port 8000

Step 2

trigger the crash (any one of these is sufficient)

curl http://127.0.0.1:8000/crash-name
curl http://127.0.0.1:8000/crash-value
curl http://127.0.0.1:8000/crash-null

Expected result:

  • the worker aborts after any of the crash paths
  • subsequent requests fail until the worker is restarted

Impact

  • Worker process denial of service
  • A single bad response kills one worker
  • Application bugs become process crashes instead of request-scoped failures
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "granian"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.2.0"
            },
            {
              "fixed": "2.7.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42545"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-755"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T21:24:56Z",
    "nvd_published_at": "2026-05-12T22:16:34Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nGranian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses `.unwrap()` on both the header name and header value constructors, so malformed output from the application becomes a process abort instead of a handled error.\n\nThis issue requires a buggy or attacker-influenced WSGI application to emit invalid headers. It is not a parser bug in Granian\u0027s request path. The security impact is that application mistakes which should result in a `500` instead kill the worker process.\n\n### Details\n\nhttps://github.com/emmett-framework/granian/blob/bdd5b0fbbb2aca6f2f4c0d2700c244d190958035/src/wsgi/io.rs#L39-L42\n\nIf either conversion fails, `.unwrap()` panics. In release builds Granian uses `panic = \"abort\"`, so the panic terminates the worker.\n\n\n#### Preconditions\n\nThe attacker must be able to influence a header name or value produced by the WSGI application, or the application must otherwise generate invalid headers.\n\nExamples include:\n\n- a header name containing a space\n- a header value containing `\\r\\n`\n- a header value containing a null byte\n\nThese are realistic failure modes for applications that reflect user-controlled data into headers such as `Location`, `Content Disposition`, or custom response headers.\n\n### PoC\n\n#### Step 1\n\nstart Granian with the PoC WSGI app\n\n```python\n# app.py\ndef app(environ, start_response):\n    path = environ.get(\"PATH_INFO\", \"/\")\n    if path == \"/crash-name\":\n        headers = [(\"X Bad Name\", \"value\")]\n    elif path == \"/crash-value\":\n        headers = [(\"Content-Type\", \"text/html\\r\\nX-Injected: evil\")]\n    elif path == \"/crash-null\":\n        headers = [(\"X-Custom\", \"value\\x00end\")]\n    else:\n        start_response(\"200 OK\", [(\"Content-Type\", \"text/plain\")])\n        return [b\"OK - server alive\\n\"]\n\n    start_response(\"200 OK\", headers)\n    return [b\"This response kills the worker\\n\"]\n\n```\n\n```bash\ngranian --interface wsgi app:app --host 127.0.0.1 --port 8000\n```\n\n#### Step 2\n\ntrigger the crash (any one of these is sufficient)\n\n```bash\ncurl http://127.0.0.1:8000/crash-name\ncurl http://127.0.0.1:8000/crash-value\ncurl http://127.0.0.1:8000/crash-null\n```\n\n\nExpected result:\n\n- the worker aborts after any of the crash paths\n- subsequent requests fail until the worker is restarted\n\n\n### Impact\n\n- Worker process denial of service\n- A single bad response kills one worker\n- Application bugs become process crashes instead of request-scoped failures",
  "id": "GHSA-f5p7-9fr5-8jmj",
  "modified": "2026-05-13T16:41:31Z",
  "published": "2026-05-06T21:24:56Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/emmett-framework/granian/security/advisories/GHSA-f5p7-9fr5-8jmj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42545"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/emmett-framework/granian"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Granian vulnerable to DoS via WSGI response header panic"
}

GHSA-F5X9-8JWC-25RW

Vulnerability from github – Published: 2022-06-02 20:37 – Updated: 2024-11-19 16:18
VLAI
Summary
Uncaught Exception (due to a data race) leads to process termination in Waitress
Details

Impact

Waitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed.

Patches

This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket, instead it is always delegated to the main thread.

Workarounds

There is no work-around, however users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.

For more information

If you have any questions or comments about this advisory: * Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related) * email the Pylons Security mailing list: pylons-project-security@googlegroups.com (if security related)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "waitress"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1.0"
            },
            {
              "fixed": "2.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31015"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-248",
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-02T20:37:48Z",
    "nvd_published_at": "2022-05-31T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nWaitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed.\n\n### Patches\n\nThis issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket, instead it is always delegated to the main thread.\n\n### Workarounds\n\nThere is no work-around, however users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in https://github.com/Pylons/waitress/issues (if not sensitive or security related)\n* email the Pylons Security mailing list: [pylons-project-security@googlegroups.com](mailto:pylons-project-security@googlegroups.com) (if security related)\n",
  "id": "GHSA-f5x9-8jwc-25rw",
  "modified": "2024-11-19T16:18:32Z",
  "published": "2022-06-02T20:37:48Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31015"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/issues/374"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/pull/377"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Pylons/waitress"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-205.yaml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Uncaught Exception (due to a data race) leads to process termination in Waitress"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.