gunicorn@22.0.0 vulnerabilities

WSGI HTTP Server for UNIX

latest version

23.0.0

latest non vulnerable version

23.0.0

first published

15 years ago

latest version published

1 years ago

licenses detected

MIT
[0.7.0,)

View gunicorn package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the gunicorn package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H HTTP Request Smuggling gunicorn is a Python WSGI HTTP Server for UNIX Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper validation of the `Transfer-Encoding` header. An attacker can manipulate session data, poison caches, or compromise data integrity by exploiting the fallback to `Content-Length` when `Transfer-Encoding` is not correctly handled. How to fix HTTP Request Smuggling? Upgrade `gunicorn` to version 23.0.0 or higher.	[,23.0.0)

HTTP Request Smuggling

gunicorn is a Python WSGI HTTP Server for UNIX

Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper validation of the Transfer-Encoding header. An attacker can manipulate session data, poison caches, or compromise data integrity by exploiting the fallback to Content-Length when Transfer-Encoding is not correctly handled.

How to fix HTTP Request Smuggling?

Upgrade gunicorn to version 23.0.0 or higher.

[,23.0.0)

Go back to all versions of this package