Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-32pc-xphx-q4f6

Опубликовано: 12 июл. 2018
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5

Описание

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

Ссылки

Пакеты

Наименование

gunicorn

pip
Затронутые версииВерсия исправления

< 19.5.0

19.5.0

EPSS

Процентиль: 81%
0.01484
Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2018-1000164

Дефекты

CWE-93

Связанные уязвимости

ubuntu логотип

CVE-2018-1000164

CVSS3: 7.5
ubuntu
почти 8 лет назад

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

redhat логотип

CVE-2018-1000164

CVSS3: 5.3
redhat
почти 10 лет назад

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

nvd логотип

CVE-2018-1000164

CVSS3: 7.5
nvd
почти 8 лет назад

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

debian логотип

CVE-2018-1000164

CVSS3: 7.5
debian
почти 8 лет назад

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...

suse-cvrf логотип

openSUSE-SU-2018:0965-1

suse-cvrf
почти 8 лет назад

Security update for python-gunicorn, python3-gunicorn

EPSS

Процентиль: 81%
0.01484
Низкий

8.7 High

CVSS4

7.5 High

CVSS3

CVE ID

CVE-2018-1000164

Дефекты

CWE-93