191 matches found
ROOT-APP-PYPI-CVE-2024-1135 CVE-2024-1135 in rootio-gunicorn - Patched by Root
Root has patched CVE-2024-1135 in the rootio-gunicorn package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2024-6827 CVE-2024-6827 in rootio-gunicorn - Patched by Root
Root has patched CVE-2024-6827 in the rootio-gunicorn package for Root:PyPI. Multiple fixed versions available...
Astra Linux - vulnerability in gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling (HRS) vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected Products| Versions ---|--- IBM watsonx Orchestrate Developer...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...
ROS-20251203-02
A vulnerability in the Pulpcore component of the Pulp software package management platform is related to a bug in the puppet-pulpcore configuration when using Gunicorn versions prior to 22.0. Exploitation of this vulnerability could allow an attacker acting remotely to bypass the...
CVE-2025-66206
Frappe is a full-stack web application framework. Prior to 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal attacks, wherein some files from the server could be retrieved if the full path was known. Sites hosted on Frappe Cloud, and even other setups that are behind a rever...
CVE-2025-66206
CVE-2025-66206 affects Frappe, a full-stack web application framework. Prior to versions 15.86.0 and 14.99.2, certain requests were vulnerable to path traversal, enabling retrieval of server files if the full path was known. The issue mainly impacts installations directly using werkzeug/gunicorn...
PT-2025-48550
Name of the Vulnerable Software and Affected Versions Frappe versions prior to 15.86.0 Frappe versions prior to 14.99.2 Description Frappe, a full-stack web application framework, had requests vulnerable to path traversal attacks in versions prior to 15.86.0 and 14.99.2. This allowed retrieval of...
ROS-20251125-03
WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...
Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Container Release Update
An update is now available for Red Hat Ansible Automation Platform 2.6 Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams,...
EUVD-2018-4523
Malware in sbrugna...
EUVD-2018-0076
Malware in sbrugna...
EUVD-2024-1316
Malicious code in bioql PyPI...
EUVD-2024-48867
Malicious code in bioql PyPI...
EUVD-2022-28535
Malicious code in bioql PyPI...
Security Bulletin: This vulnerability can lead to cache poisoning, data exposure, session manipulation, etc., which affects IBM watsonx.data
Summary Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning...
ROS-20250821-01
WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...
Linux Distros Unpatched Vulnerability : CVE-2024-6827
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default...
TencentOS Server 4: python-gunicorn (TSSA-2024:0663)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0663 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...