FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-gunicorn -- CWE-113 vulnerability

Affected packages
py27-gunicorn < 19.5.0
py35-gunicorn < 19.5.0
py36-gunicorn < 19.5.0
py37-gunicorn < 19.5.0


VuXML ID a3e24de7-3f0c-11e9-87d1-00012e582166
Discovery 2018-04-02
Entry 2019-03-05

Everardo reports:

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in process_headers function in gunicorn/http/ that can result in an attacker causing the server to return arbitrary HTTP headers.


CVE Name CVE-2018-1000164