PT-2022-20460 · Pypi · Waitress
Digitalresistor +1
Published 2022-05-31 · Updated 2025-05-17 · CVE-2022-31015
CVSS v4.0 7.1 High
Vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Waitress versions 2.1.0 through 2.1.1
Description: Waitress is a Web Server Gateway Interface (WSGI) server for Python 2 and 3. In Waitress 2.1.0 and 2.1.1, a WSGI worker thread may close a connection's socket while the main thread is about to call select() on that same descriptor. select() then raises an exception that the main loop does not handle, and the whole server process exits, so a single bad connection becomes a denial of service. The WSGI thread closes the socket when the client stops reading before the response is complete, which is why deployments behind a reverse proxy that always reads the full response are less likely to be affected: the proxy drains the response even when the original client goes away.
Recommendations: Upgrade Waitress 2.1.0 or 2.1.1 to 2.1.2, which fixes the issue by no longer allowing the WSGI thread to close the socket; the close is always delegated to the main thread, the only thread that builds the select() descriptor list. There is no complete workaround short of upgrading. Users who cannot update immediately can run Waitress behind a reverse proxy that always reads the full response, which only reduces the likelihood of the crash rather than removing it.
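The two loop shapes described above, as an added stand-alone illustration that is not Waitress source: a worker thread closing a socket the select() loop still holds a descriptor for, beside the fixed shape where the worker only requests the close and the loop thread performs it before building its descriptor list. The Channel class, the function names and the constructed socketpair connections are invented for the demo; an Event stands in for losing the race so the window is hit every time.

```python
"""Added illustration (not Waitress code) of the select()-vs-close race in
this advisory and of the fix shape. Names and sample connections are invented."""
import errno
import select
import socket
import threading


class Channel:
    """Stand-in for one client connection owned by the event loop."""

    def __init__(self, sock):
        self.sock = sock
        self.close_requested = False   # set by a worker, acted on by the loop


def run_vulnerable():
    """Pre-2.1.2 shape: the WSGI thread closes the socket itself.

    Returns the errno select() fails with (EBADF on POSIX), or None if the
    loop iteration survived. The Event makes the demo deterministically hit
    the window between snapshotting the fd list and calling select().
    """
    server_side, client_side = socket.socketpair()   # constructed connection
    ch = Channel(server_side)
    channels = [ch]
    worker_closed = threading.Event()

    def wsgi_thread():
        ch.sock.close()            # the bug: closing from a non-loop thread
        channels.remove(ch)
        worker_closed.set()

    # Main thread: snapshot the fds of live channels for select() ...
    fds = [c.sock.fileno() for c in channels]
    threading.Thread(target=wsgi_thread).start()
    worker_closed.wait(timeout=5)      # ... the worker closes in the window ...
    try:
        select.select(fds, [], [], 0)  # ... stale fd -> OSError(EBADF)
        failed_with = None
    except OSError as exc:
        # In the real server nothing catches this, so the process exits.
        failed_with = exc.errno
    client_side.close()
    return failed_with


def run_fixed():
    """2.1.2 shape: the worker flags the channel and wakes the loop; only the
    loop thread closes, and it does so before building the fd list, so no fd
    can vanish between that snapshot and select(). Returns (errno-or-None,
    channels left)."""
    server_side, client_side = socket.socketpair()   # constructed connection
    ch = Channel(server_side)
    channels = [ch]
    wake_r, wake_w = socket.socketpair()   # trigger to wake a blocked loop
    worker_done = threading.Event()

    def wsgi_thread():
        ch.close_requested = True          # ask; never close here
        wake_w.send(b"\x00")               # makes a blocked select() return
        worker_done.set()

    threading.Thread(target=wsgi_thread).start()
    worker_done.wait(timeout=5)

    # Loop iteration, main thread only: honour close requests first ...
    for c in [c for c in channels if c.close_requested]:
        c.sock.close()
        channels.remove(c)
    # ... then snapshot fds and poll; the list only holds sockets we still own.
    fds = [c.sock.fileno() for c in channels] + [wake_r.fileno()]
    try:
        readable, _, _ = select.select(fds, [], [], 0)
        if wake_r.fileno() in readable:
            wake_r.recv(1)                 # drain the trigger byte
        failed_with = None
    except OSError as exc:
        failed_with = exc.errno
    for s in (client_side, wake_r, wake_w):
        s.close()
    return failed_with, len(channels)


if __name__ == "__main__":
    print("vulnerable iteration failed with EBADF:",
          run_vulnerable() == errno.EBADF)
    print("fixed iteration (errno, channels left):", run_fixed())
```

The vulnerable iteration reports EBADF because the integer descriptor it snapshotted was closed underneath it; in a long-running loop that exception ends the process. The fixed iteration processes close requests on the loop thread before select() ever sees the list, which is the ownership rule the 2.1.2 fix enforces. To check exposure, confirm the installed version (for example with pip show waitress) is 2.1.2 or later.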

Exploit

Fix

Weakness Enumeration

Race Condition (CWE-362)

Related Identifiers

AZL-43513
AZL-44571
CVE-2022-31015
GHSA-F5X9-8JWC-25RW
OPENSUSE-SU-2024:12346-1
OPENSUSE-SU-2025:15108-1
PYSEC-2022-205

Affected Products

Waitress