9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-41419

CVE-2023-41419: Gevent allows remote attacker to escalate privileges

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-41419

CVE-2023-41419:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
gevent	pip	< 23.9.0	23.9.0

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of HTTP chunked transfer encoding trailers in WSGIServer. The commit shows critical modifications to __read_chunk_length (added strict validation of HEX characters, chunk size limits, and trailer processing) and handle_one_response (added error handling for invalid client input). The CVE description explicitly mentions crafted chunk trailers being misinterpreted as new requests, which aligns with the pre-patch behavior of these functions. Test cases in test__pywsgi.py demonstrate scenarios where malicious trailers could be smuggled as new requests.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-41419: Gevent allows remote attacker to escalate privileges

CVE-2023-41419:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

Basic Information

Basic Information

9.8

9.8

CVE-2023-41419: Gevent allows remote attacker to escalate privileges

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-41419: Gevent allows remote attacker to escalate privileges

CVE-2023-41419:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

9.8

9.8

CVE-2023-41419: Gevent allows remote attacker to escalate privileges

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI