GitHub Advisory DatabaseGHSA-63H2-9CC8-FC7Mmeinheld vulnerable to HTTP Request Smuggling
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.7%
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
Affected configurations
References
github.com/advisories/GHSA-63h2-9cc8-fc7m
github.com/mopemope/meinheld/blob/master/CHANGES.rst
github.com/mopemope/meinheld/commit/0cfa70b2cd3800f1e4beeaef5421b156d90f0e09
github.com/mopemope/meinheld/commit/3bc3e7ccd534277af955c0c92981d0aa033929a7
github.com/mopemope/meinheld/commit/4155876bfd3e8fc4adad4aaa59ec3f1cefa1d2d1
github.com/mopemope/meinheld/issues/111
nvd.nist.gov/vuln/detail/CVE-2020-7658
snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
45.7%