High severity 7.5 · GHSA Advisory · Published Mar 20, 2025 · Updated Apr 15, 2026

CVE-2024-6827

Description

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards. As a result it falls back to its default method, 'Content-Length', which makes it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
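A strict request-framing check that avoids the fallback described above, given here as an added example and not Gunicorn's own code. The function name, return values and sample headers are constructed for illustration, and the policy of rejecting anything other than a lone `chunked` coding is an assumption that is stricter than the RFC minimum.

```python
from typing import List, Tuple

Header = Tuple[str, str]


def classify_framing(headers: List[Header]) -> Tuple[str, str]:
    """Decide how a request body is framed, or refuse to guess.

    Returns (decision, reason); decision is "chunked", "content-length",
    "no-body" or "reject". Hypothetical helper, not a Gunicorn API.
    """
    te = [v for n, v in headers if n.lower() == "transfer-encoding"]
    cl = [v.strip() for n, v in headers if n.lower() == "content-length"]

    if te:
        # Flatten repeated headers and comma-separated lists into codings.
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings != ["chunked"]:
            # The unsafe behaviour is to ignore the header at this point and
            # fall back to Content-Length; reject the request instead.
            return "reject", "unsupported Transfer-Encoding: %r" % (codings,)
        if cl:
            return "reject", "both Transfer-Encoding and Content-Length present"
        return "chunked", "Transfer-Encoding: chunked"

    if cl:
        # Repeated values must agree and must be plain ASCII digits.
        if len(set(cl)) != 1 or not (cl[0].isascii() and cl[0].isdigit()):
            return "reject", "invalid or conflicting Content-Length"
        return "content-length", cl[0]

    return "no-body", "no framing headers"


# Constructed sample header lists, not taken from the advisory.
SAMPLES = {
    "plain_chunked": [("Transfer-Encoding", "chunked")],
    "plain_length": [("Content-Length", "12")],
    "unsupported_te_with_cl": [("Transfer-Encoding", "gzip"),
                               ("Content-Length", "12")],
    "te_and_cl": [("Transfer-Encoding", "chunked"), ("Content-Length", "12")],
    "conflicting_cl": [("Content-Length", "12"), ("Content-Length", "13")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, classify_framing(hdrs))
```
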

Affected packages

Versions sourced from the GitHub Security Advisory.

Package            Affected versions    Patched versions
gunicorn (PyPI)    < 22.0.0             22.0.0
