CVE-2020-5236: Uncontrolled Resource Consumption
The affected Waitress version allows a denial-of-service (DoS) attack when Waitress receives a header that contains invalid characters. When a header similar to `Bad-header: xxxxxxxxxxxxxxx\x10` is received, it causes the regular expression engine to backtrack catastrophically, driving the process to % CPU time and blocking all other interactions. An attacker can therefore take the service offline with a single request carrying one invalid header.