PT-2023-5907 · Gevent+6

Chenjj +3 · Published 2023-08-31 · Updated 2025-11-25 · CVE-2023-41419

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Gevent versions prior to 23.9.1
Gevent version 23.9.0

Description

The issue in Gevent is related to insufficient validation of executed requests in the WSGIServer component, allowing a remote attacker to escalate privileges via a crafted script. This can impact the integrity, availability, and confidentiality of protected information.

Recommendations

For Gevent versions prior to 23.9.1, update to version 23.9.1 or later to resolve the issue. For Gevent version 23.9.0, update to version 23.9.1 to resolve the issue. As a temporary workaround, consider restricting access to the WSGIServer component until a patch is available.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

ALSA-2024:8834
AZL-30058
BDU:2023-06603
CESA-2024_8834
CVE-2023-41419
DLA-4377-1
GHSA-X7M3-JPRG-WC5G
INFSA-2024_8834
OESA-2023-1697
OESA-2023-1698
OESA-2023-1699
OPENSUSE-SU-2024:13254-1
PYSEC-2023-177
RHSA-2023:7438
RHSA-2024:7421
RHSA-2024:7785
RHSA-2024:8102
RHSA-2024:8105
RHSA-2024:8834
RHSA-2024_8834
SUSE-SU-2023:3975-1
SUSE-SU-2023:4009-1
SUSE-SU-2023:4091-1
SUSE-SU-2023_4091-1

Affected Products

AlmaLinux
CentOS
Debian
Gevent
Red Hat
Red OS
SUSE