CVE-2019-15149

Name: CVE-2019-15149
Creator: NVD / NIST
Published: 2019-08-18T20:15:09.22+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.63%

Last modified Jun 17, 2026

CVE-2019-15149 is a vulnerability of currently unknown severity. core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. EPSS estimates a 1.63% chance of exploitation in the next 30 days.

Description

core.py in Mitogen before 0.2.8 has a typo that drops the unidirectional-routing protection mechanism in the case of a child that is initiated by another child. The Ansible extension is unaffected. NOTE: the vendor disputes this issue because it is exploitable only in conjunction with hypothetical other factors, i.e., an affected use case within a library caller, and a bug in the message receiver policy code that led to reliance on this extra protection mechanism

Metrics

EPSS Probability

1.63%

73.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-254

Affected Software

Vendor	Product	Versions
Networkgenomics	Mitogen	< 0.2.8

References

https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dcPatch, Third Party Advisory
https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18Release Notes
https://github.com/dw/mitogen/commit/5924af1566763e48c42028399ea0cd95c457b3dcPatch, Third Party Advisory
https://mitogen.networkgenomics.com/changelog.html#v0-2-8-2019-08-18Release Notes

Timeline

Published: Aug 18, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-15149?

How severe is CVE-2019-15149?

Severity scoring for CVE-2019-15149 is pending analysis. The EPSS model estimates a 1.63% probability of exploitation in the next 30 days.

How do I fix CVE-2019-15149?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15149?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST