PT-2019-14014 · Mitogen · Mitogen

Published: 2019-08-18 · Updated: 2024-08-05 · CVE-2019-15149

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Mitogen versions prior to 0.2.8

Description

The issue is related to a typo in core.py that affects the unidirectional-routing protection mechanism when a child is initiated by another child. The Ansible extension is not affected. The vendor disputes this issue, stating it is only exploitable in conjunction with other hypothetical factors, including an affected use case within a library caller and a bug in the message receiver policy code.

Recommendations

For versions prior to 0.2.8, update to version 0.2.8 or later to resolve the issue. As a temporary workaround, consider reviewing and adjusting the message receiver policy code to minimize reliance on the extra protection mechanism dropped due to the typo.

Related Identifiers

CVE-2019-15149
GHSA-8RF6-W2MX-4XJH
PYSEC-2019-104

Affected Products

Mitogen