CNNVD-202508-3484 Information
CNNVD ID
CNNVD-202508-3484
Related CVE
- CNNVD Published: 2025-08-29
Description (Chinese)
Eventlet是Python的一个并发网络库。 Eventlet 0.40.3之前版本存在环境问题漏洞,该漏洞源于HTTP请求夹带处理不当,可能导致前端安全控制绕过。
Description (English)
Eventlet is one of Python’s co-located web banks. Prior to Eventlet 0.40.3, there was an environmental loophole, which stemmed from the inappropriate handling of HTTP request belts, which could lead to forward-end security controls being bypassed.
Hazard Level
High
Vulnerability Type
环境问题
Published
2025-08-29
Last Modified
2026-02-24
References
https://github.com/eventlet/eventlet/security/advisories/GHSA-hw6f-rjfj-j7j7 https://github.com/eventlet/eventlet/pull/1062 https://github.com/eventlet/eventlet/commit/0bfebd1117d392559e25b4bfbfcc941754de88fb https://vigilance.fr/vulnerability/Eventlet-ingress-filtrering-bypass-via-WSGI-Parser-Request-Smuggling-48107 https://nvd.nist.gov/vuln/detail/CVE-2025-58068
Patch
https://github.com/eventlet/eventlet/tags
Share on: