{"id":"PYSEC-2023-177","details":"An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.","aliases":["CVE-2023-41419","GHSA-x7m3-jprg-wc5g"],"modified":"2023-11-08T04:13:26.094496Z","published":"2023-09-25T12:15:00Z","references":[{"type":"REPORT","url":"https://github.com/gevent/gevent/issues/1989"},{"type":"FIX","url":"https://github.com/gevent/gevent/commit/2f53c851eaf926767fbac62385615efd4886221c"}],"affected":[{"package":{"name":"gevent","ecosystem":"PyPI","purl":"pkg:pypi/gevent"},"ranges":[{"type":"GIT","repo":"https://github.com/gevent/gevent","events":[{"introduced":"0"},{"fixed":"2f53c851eaf926767fbac62385615efd4886221c"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"23.9.0"}]}],"versions":["0.10.0","0.11.0","0.11.1","0.11.2","0.12.0","0.12.1","0.12.2","0.13.0","0.13.1","0.13.2","0.13.3","0.13.4","0.13.5","0.13.6","0.13.7","0.13.8","0.9.2","0.9.3","1.0","1.0.1","1.0.2","1.1.0","1.1.1","1.1.2","1.1a1","1.1a2","1.1b1","1.1b2","1.1b3","1.1b4","1.1b5","1.1b6","1.1rc1","1.1rc2","1.1rc3","1.1rc4","1.1rc5","1.2.0","1.2.1","1.2.2","1.2a1","1.2a2","1.3.0","1.3.1","1.3.2","1.3.2.post0","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3a1","1.3a2","1.3b1","1.3b2","1.4.0","1.5.0","1.5a1","1.5a2","1.5a3","1.5a4","20.12.0","20.12.1","20.4.0","20.5.0","20.5.1","20.5.2","20.6.0","20.6.1","20.6.2","20.9.0","21.1.0","21.1.1","21.1.2","21.12.0","21.8.0","22.10.1","22.10.2","22.8.0","23.7.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/gevent/PYSEC-2023-177.yaml"}}],"schema_version":"1.7.3"}