{"id":"PYSEC-2021-12","details":"Eventlet is a concurrent networking library for Python. A websocket peer may exhaust memory on Eventlet side by sending very large websocket frames. Malicious peer may exhaust memory on Eventlet side by sending highly compressed data frame. A patch in version 0.31.0 restricts websocket frame to reasonable limits. As a workaround, restricting memory usage via OS limits would help against overall machine exhaustion, but there is no workaround to protect Eventlet process.","aliases":["CVE-2021-21419","GHSA-9p9m-jm8w-94p2"],"modified":"2023-11-08T04:04:45.339697Z","published":"2021-05-07T15:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/eventlet/eventlet/security/advisories/GHSA-9p9m-jm8w-94p2"}],"affected":[{"package":{"name":"eventlet","ecosystem":"PyPI","purl":"pkg:pypi/eventlet"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.10.0"},{"fixed":"0.31.0"}]}],"versions":["0.10.0","0.11.0","0.12.1","0.13.0","0.14.0","0.15.2","0.16.1","0.17.4","0.18.2","0.18.3","0.18.4","0.19.0","0.20.0","0.20.1","0.21.0","0.22.0","0.22.1","0.23.0","0.24.0","0.24.1","0.25.0","0.25.1","0.25.2","0.26.0","0.26.1","0.27.0","0.28.0","0.28.1","0.29.0","0.29.1","0.30.0","0.30.1","0.30.2","0.30.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/eventlet/PYSEC-2021-12.yaml"}}],"schema_version":"1.7.3"}