gunicorn is a Python WSGI HTTP Server for UNIX
Affected versions of this package are vulnerable to HTTP Request Smuggling.
It fails to properly process the
Content-Length headers when both are present in a package request. This allows for conflicting information to be sent regarding the length of the package, which when processed by back-end servers under certain configurations would allow for malicious users to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.
gunicorn to version 19.10.0, 20.0.1 or higher.
- Austin Jones
- Snyk ID
- 15 Nov, 2019
- 09 Jan, 2020