INFSA-2024:8834: python-gevent security update
Information about definition
Identificator: INFSA-2024:8834
Type: security
Release date: 2024-11-12 06:38:22 UTC
Information about package
gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop. Features include: * convenient API around greenlets; * familiar synchronization primitives (gevent.event, gevent.queue); * socket module; * WSGI server on top of libevent-http; * DNS requests done through libevent-dns; * monkey patching utility to get pure Python modules to cooperate;
Vulnerabilities description
- CVE-2023-41419
An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2023-41419
|
no information | 9.1 | no information |
Updated packages