uWSGI is a web application server, which implements protocols such as WSGI/uwsgi/http, and supports for various languages through plugins.

uWSGI allows configuring back-end web application dynamically through uwsgi protocol magic variables. If the uWSGI port is exposed, attackers can construct uwsgi packets and specify the magic variable UWSGI_FILE to execute arbitrary commands using the exec:// protocol.

It was confirmed that the uWSGI port 8000 is publicly accessible.


The uWSGI port should not be publicly accessible. uWSGI should be configured to listen only on the local interface (


Related Vulnerabilities