Lucene search
GoogleOSV:GHSA-63H2-9CC8-FC7MHistoryMay 24, 2022 - 5:18 p.m.
meinheld vulnerable to HTTP Request Smuggling
2022-05-2417:18:38
Google
osv.dev
5
meinheld
http request smuggling
vulnerability
software
pipelining issues
request smuggling attacks
content-length
transfer encoding header parsing
EPSS
0.001
Percentile
45.5%
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
References
github.com/mopemope/meinheld/blob/master/CHANGES.rst
github.com/mopemope/meinheld/commit/0cfa70b2cd3800f1e4beeaef5421b156d90f0e09
github.com/mopemope/meinheld/commit/3bc3e7ccd534277af955c0c92981d0aa033929a7
github.com/mopemope/meinheld/commit/4155876bfd3e8fc4adad4aaa59ec3f1cefa1d2d1
github.com/mopemope/meinheld/issues/111
nvd.nist.gov/vuln/detail/CVE-2020-7658
snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140
Related
osv
osv
PYSEC-2020-239
2020-05-22 16:15:00
CVE-2020-7658
2020-05-22 16:15:10
prion
prion
Design/Logic Flaw
2020-05-22 16:15:00
github
github
meinheld vulnerable to HTTP Request Smuggling
2022-05-24 17:18:38
veracode
veracode
HTTP Request Smuggling
2020-05-26 05:20:43
cvelist
cvelist
CVE-2020-7658
2020-05-22 15:48:43
nvd
nvd
CVE-2020-7658
2020-05-22 16:15:10
cve
cve
CVE-2020-7658
2020-05-22 16:15:10