CVE-2018-1000164

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
Configurations

Configuration 1

cpe:2.3:a:gunicorn:gunicorn:19.4.5:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Information

Published : 2018-04-18 07:29

Updated : 2019-06-19 10:15


NVD link : CVE-2018-1000164

Mitre link : CVE-2018-1000164

Products Affected
No products.
CWE