VYPR

PyPI package

gunicorn

pkg:pypi/gunicorn

Vulnerabilities (3)

  • CVE-2024-6827HigMar 20, 2025
    affected < 22.0.0fixed 22.0.0

    Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache

  • CVE-2024-1135HigApr 16, 2024
    affected < 22.0.0fixed 22.0.0

    Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due t

  • CVE-2018-1000164HigApr 18, 2018
    affected < 19.5.0fixed 19.5.0

    gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appe