CVE-2018-1000164

Опубликовано: 18 апр. 2018

Источник: ubuntu

Приоритет: low

CVSS2: 5

CVSS3: 7.5

Описание

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

Релиз	Статус	Примечание
artful	not-affected	19.7.1-3
bionic	not-affected
cosmic	not-affected
devel	not-affected
disco	not-affected
eoan	not-affected
esm-apps/bionic	not-affected
esm-apps/focal	not-affected
esm-apps/jammy	not-affected
esm-apps/xenial	released	19.4.5-1ubuntu1.1

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2018-1000164

CVSS3: 5.3

redhat

почти 10 лет назад

CVE-2018-1000164

CVSS3: 7.5

nvd

почти 8 лет назад

CVE-2018-1000164

CVSS3: 7.5

debian

почти 8 лет назад

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...

openSUSE-SU-2018:0965-1

suse-cvrf

почти 8 лет назад

Security update for python-gunicorn, python3-gunicorn

GHSA-32pc-xphx-q4f6

CVSS3: 7.5

github

больше 7 лет назад

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2018-1000164

Описание

Пакет gunicorn

Ссылки на источники

Связанные уязвимости