High severityNVD Advisory· Published Dec 22, 2022· Updated Apr 15, 2025
CVE-2022-40899
CVE-2022-40899
Description
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
futurePyPI | < 0.18.3 | 0.18.3 |
Affected products
33- Python Charmers/Futuredescription
- ghsa-coords32 versionspkg:pypi/futurepkg:rpm/opensuse/python-future&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-future&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/python-future&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python3-base&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-ESPOSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python3&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-future&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
< 0.18.3+ 31 more
- (no CPE)range: < 0.18.3
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.105.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 3.4.10-25.108.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.15.2-3.3.1
- (no CPE)range: < 0.18.2-150300.3.3.1
- (no CPE)range: < 0.15.2-3.5.1
- (no CPE)range: < 0.15.2-3.5.1
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-v3c5-jqr6-7qm8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-40899ghsaADVISORY
- github.com/PythonCharmers/python-future/blob/master/src/future/backports/http/cookiejar.pyghsaWEB
- github.com/PythonCharmers/python-future/commit/c91d70b34ef0402aef3e9d04364ba98509dca76fghsaWEB
- github.com/PythonCharmers/python-future/pull/610ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/future/PYSEC-2022-42991.yamlghsaWEB
- github.com/python/cpython/pull/17157ghsaWEB
- pypi.org/project/futureghsaWEB
- pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packagesghsaWEB
- pypi.org/project/future/mitre
- pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/mitre
News mentions
0No linked articles in our index yet.