Published: 24 May 2022
Source: github
Github: Reviewed
CVSS4: 5.3
CVSS3: 6.1
Description
meinheld vulnerable to HTTP Request Smuggling
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-7658
- https://github.com/mopemope/meinheld/issues/111
- https://github.com/mopemope/meinheld/commit/0cfa70b2cd3800f1e4beeaef5421b156d90f0e09
- https://github.com/mopemope/meinheld/commit/3bc3e7ccd534277af955c0c92981d0aa033929a7
- https://github.com/mopemope/meinheld/commit/4155876bfd3e8fc4adad4aaa59ec3f1cefa1d2d1
- https://github.com/mopemope/meinheld/blob/master/CHANGES.rst
- https://github.com/pypa/advisory-database/tree/main/vulns/meinheld/PYSEC-2020-239.yaml
- https://snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140
Packages
Name: meinheld (pip)
Affected versions: < 1.0.2
Fixed version: 1.0.2
Related vulnerabilities
CVSS3: 6.1
nvd
more than 5 years ago
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.