{"schema_version":"1.7.2","id":"OESA-2023-1698","modified":"2023-09-28T11:06:03Z","published":"2023-09-28T11:06:03Z","upstream":["CVE-2023-41419"],"summary":"python-gevent security update","details":"gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of the libev or libuv event loop.\r\n\r\nSecurity Fix(es):\r\n\r\nAn issue in Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. (CVE-2023-41419)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"python-gevent","purl":"pkg:rpm/openEuler/python-gevent\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"21.1.2-2.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["python-gevent-debugsource-21.1.2-2.oe2203sp1.aarch64.rpm","python-gevent-debuginfo-21.1.2-2.oe2203sp1.aarch64.rpm","python3-gevent-21.1.2-2.oe2203sp1.aarch64.rpm"],"noarch":["python-gevent-help-21.1.2-2.oe2203sp1.noarch.rpm"],"src":["python-gevent-21.1.2-2.oe2203sp1.src.rpm"],"x86_64":["python3-gevent-21.1.2-2.oe2203sp1.x86_64.rpm","python-gevent-debuginfo-21.1.2-2.oe2203sp1.x86_64.rpm","python-gevent-debugsource-21.1.2-2.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1698"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-41419"}],"database_specific":{"severity":"Critical"}}