High severity7.5NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026
CVE-2018-1000164
CVE-2018-1000164
Description
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gunicornPyPI | < 19.5.0 | 19.5.0 |
Affected products
1Patches
Vulnerability mechanics
References
9- epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5nvdExploitThird Party AdvisoryWEB
- github.com/benoitc/gunicorn/issues/1227nvdExploitIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-32pc-xphx-q4f6ghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/04/msg00022.htmlnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-1000164ghsaADVISORY
- www.debian.org/security/2018/dsa-4186nvdThird Party AdvisoryWEB
- github.com/pypa/advisory-database/tree/main/vulns/gunicorn/PYSEC-2018-55.yamlghsaWEB
- usn.ubuntu.com/4022-1ghsaWEB
- usn.ubuntu.com/4022-1/nvd
News mentions
0No linked articles in our index yet.