CVE-2018-1000164
Published: Apr 18, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
gunicorn version 19.4.5 contains a CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers) vulnerability in the "process_headers" function in "gunicorn/http/wsgi.py" that can allow an attacker to cause the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
[debian-lts-announce] 20180422 [SECURITY] [DLA 1357-1] gunicorn security update (mailing-list, x_refsource_MLIST)
https://github.com/benoitc/gunicorn/issues/1227 (x_refsource_MISC)
DSA-4186 (vendor-advisory, x_refsource_DEBIAN)
USN-4022-1 (vendor-advisory, x_refsource_UBUNTU)