FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-gunicorn -- CWE-113 vulnerability

Affected packages
py27-gunicorn < 19.5.0
py35-gunicorn < 19.5.0
py36-gunicorn < 19.5.0
py37-gunicorn < 19.5.0

Details

VuXML ID a3e24de7-3f0c-11e9-87d1-00012e582166
Discovery 2018-04-02
Entry 2019-03-05

Everardo reports:

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers.
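An added example, not part of the report and not gunicorn's own code: a WSGI middleware that refuses response headers containing CR or LF, shown beside an unvalidated serializer to make the CWE-113 effect visible. The names `check_headers`, `naive_serialize`, `safe_serialize` and `RejectCRLFMiddleware` and the sample headers are hypothetical and constructed for illustration.

```python
import re

# RFC 7230 "token" characters permitted in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Either character ends a header line on the wire.
_CRLF = re.compile(r"[\r\n]")

# Constructed sample data (not taken from the advisory).
GOOD_HEADERS = [("Content-Type", "text/plain")]
BAD_HEADERS = [("Content-Language", "en\r\nX-Injected: 1")]


class HeaderInjectionError(ValueError):
    """A response header would break HTTP message framing."""


def check_headers(headers):
    """Return headers unchanged, or raise if a name or value is unsafe."""
    for name, value in headers:
        # fullmatch, not match + "$": "$" also matches before a trailing "\n".
        if not _TOKEN.fullmatch(name):
            raise HeaderInjectionError("invalid header name: %r" % (name,))
        if _CRLF.search(value):
            raise HeaderInjectionError("CR/LF in value of %r" % (name,))
    return headers


def naive_serialize(headers):
    """Unvalidated serialization: one tuple can become several lines."""
    return "".join("%s: %s\r\n" % (n, v) for n, v in headers)


def safe_serialize(headers):
    """Serialize only after every name and value has been validated."""
    return naive_serialize(check_headers(headers))


class RejectCRLFMiddleware:
    """Validate status and headers before the server writes them."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def guarded(status, headers, exc_info=None):
            if _CRLF.search(status):
                raise HeaderInjectionError("CR/LF in status line")
            return start_response(status, check_headers(headers), exc_info)
        return self.app(environ, guarded)
```

Wrapping an application as `RejectCRLFMiddleware(app)` is defence in depth for header values built from request data; it does not replace moving off the affected package versions listed above.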

References

CVE Name CVE-2018-1000164
URL https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5