In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade gunicorn
to version 19.10.0, 20.0.1 or higher.
gunicorn is a Python WSGI HTTP Server for UNIX
Affected versions of this package are vulnerable to HTTP Request Smuggling. It fails to properly process the Transfer-Encoding
and Content-Length
headers when both are present in a package request. This allows for conflicting information to be sent regarding the length of the package, which when processed by back-end servers under certain configurations would allow for malicious users to bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.