CVE-2022-31015: Uncaught Exception (due to a data race) leads to process termination in Waitress
(updated )
Waitress may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed.
References
- github.com/Pylons/waitress
- github.com/Pylons/waitress/commit/4f6789b035610e0552738cdc4b35ca809a592d48
- github.com/Pylons/waitress/issues/374
- github.com/Pylons/waitress/pull/377
- github.com/Pylons/waitress/security/advisories/GHSA-f5x9-8jwc-25rw
- github.com/advisories/GHSA-f5x9-8jwc-25rw
- github.com/pypa/advisory-database/tree/main/vulns/waitress/PYSEC-2022-205.yaml
- nvd.nist.gov/vuln/detail/CVE-2022-31015
Detect and mitigate CVE-2022-31015 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →