AIKIDO-2024-10330

gevent is vulnerable to Race Condition

25

Low

gevent (python)

AIKIDO-2024-10330: gevent is vulnerable to Race Condition in versions 1.2.0 - 24.10.0.

Race Condition
Vuln in 1.2.0 - 24.10.0
Fixed in 24.10.1
CVE-2024-3219
TL;DR

Affected versions of the package are vulnerable to a race condition. The socket module provides a pure-Python fallback for the socket.socketpair() function on platforms that don't support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a locally connected pair of sockets. The connection between the two sockets was not verified before the pair was handed back to the caller, which leaves the server-side socket open to a connection race from a malicious local peer: another local process can connect to the listening socket first and end up as the accepted peer.
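The missing check described above is a peer-identity comparison after accept(). The following is an added example of a hardened loopback socketpair fallback written for this advisory; it is not gevent's or CPython's own code, and the function names verified_socketpair and peer_matches are assumptions. After connecting the client socket and accepting on the listener, it confirms that the accepted connection's peer address is the client socket it just created, and refuses to return the pair otherwise.

```python
import socket


def peer_matches(server_sock, client_sock):
    """Return True when server_sock's remote endpoint is client_sock.

    This is the verification step the vulnerable fallback lacked: if a
    different local process won the race to connect to the listener, the
    accepted socket's peer address will not be our client's local address.
    Slicing to (host, port) makes the comparison work for AF_INET6 4-tuples.
    """
    return server_sock.getpeername()[:2] == client_sock.getsockname()[:2]


def verified_socketpair(family=socket.AF_INET):
    """Pure-Python socketpair over loopback with a pairing check (hypothetical
    hardened fallback, example code rather than the library's implementation).

    Returns (server_sock, client_sock) or raises ConnectionError if the
    accepted peer is not the client socket we connected ourselves.
    """
    host = "127.0.0.1" if family == socket.AF_INET else "::1"
    lsock = socket.socket(family, socket.SOCK_STREAM)
    try:
        lsock.bind((host, 0))          # ephemeral port on loopback only
        lsock.listen(1)
        csock = socket.socket(family, socket.SOCK_STREAM)
        try:
            csock.connect(lsock.getsockname()[:2])
            ssock, _addr = lsock.accept()
            # The check that closes the race: reject any peer other than
            # the client we connected, instead of handing it to the caller.
            if not peer_matches(ssock, csock):
                ssock.close()
                raise ConnectionError("socketpair: accepted an unexpected local peer")
            # Belt and braces: the client's remote endpoint must be our listener.
            if csock.getpeername()[:2] != lsock.getsockname()[:2]:
                ssock.close()
                raise ConnectionError("socketpair: client connected to the wrong endpoint")
        except Exception:
            csock.close()
            raise
    finally:
        lsock.close()
    return ssock, csock


if __name__ == "__main__":
    server, client = verified_socketpair()
    client.sendall(b"ping")
    print(server.recv(4))  # the pair is connected and verified
    server.close()
    client.close()
```

The same comparison can be applied as a sanity check on any pair returned by an older, unpatched fallback before trusting it with data; the real fix is still to upgrade to 24.10.1, where the library performs the verification itself.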

Who does this affect?

You are affected if you use a gevent version within the vulnerable range (1.2.0 - 24.10.0) on Windows, where the pure-Python socketpair() fallback is used.

How can it be fixed?

Upgrade gevent to 24.10.1 or later, the version that contains the fix.

Background info

Link to vendor website

© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US