Digitalresistor

Name of the Vulnerable Software and Affected Versions: Waitress versions prior to 3.0.1 Description: The issue is related to a race condition in the Waitress WSGI server for Python, which can be exploited by a remote client sending a request that is exactly `recv bytes` (defaults to 8192) long, followed by a secondary request using HTTP pipelining. When request lookahead is enabled, it is possible to process and receive the first request, start sending the error message back to the client while reading the next request and queueing it. This allows the secondary request to be serviced by the worker thread while the connection should be closed. Recommendations: For versions prior to 3.0.1, update to Waitress 3.0.1 to fix the race condition. As a temporary workaround, disable `channel request lookahead`, which is set to 0 by default, disabling this feature.

**Name of the Vulnerable Software and Affected Versions** Waitress versions 2.1.0 through 2.1.1 **Description** Waitress is a Web Server Gateway Interface server for Python 2 and 3. The issue arises when a thread closes a socket while the main thread is about to call `select()`, leading to the main thread raising an exception that is not handled, causing the entire application to be killed. Users using Waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. **Recommendations** For Waitress versions 2.1.0 and 2.1.1, update to Waitress 2.1.2, which fixes the issue by no longer allowing the WSGI thread to close the socket, instead delegating this action to the main thread. As a temporary workaround for users who cannot update immediately, consider using Waitress behind a reverse proxy server that always reads the full response to minimize the risk of application termination.

**Name of the Vulnerable Software and Affected Versions** Pylons Colander versions prior to 1.7 **Description** The issue allows an attacker to potentially cause a denial of service via an unclosed parenthesis in the URL validator, which can lead to an infinite loop. **Recommendations** For versions prior to 1.7, update to version 1.7 or later to resolve the issue.