
89 matches found

IBM Security Bulletins
added 2026/01/30 9:17 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling vulnerability due to gunicorn

Summary: gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of image: wxo-rag-tool. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: IBM watsonx Orchestrate Developer...

5.9 AI score
Exploits: 0, Affected Software: 1
Positive Technologies
added 2025/12/01 12:0 a.m., 4 views

PT-2025-48550

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.86.0; Frappe versions prior to 14.99.2. Description: Frappe, a full-stack web application framework, had requests vulnerable to path traversal attacks in versions prior to 15.86.0 and 14.99.2. This allowed retrieval of...

8.6 CVSS, 6.6 AI score, 0.0004 EPSS
Exploits: 0, References: 6
Redos
added 2025/11/25 12:0 a.m., 11 views

ROS-20251125-03

WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...

7.5 CVSS, 7 AI score, 0.00029 EPSS
Exploits: 0
OSSF Malicious Packages
added 2025/06/10 2:58 a.m., 3 views

Malicious code in gunicorn (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 269ac7e0cc85fe2e3078f51d0b39078670681500d705eb403172aead25d9ca18 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits: 0, References: 3
IBM Security Bulletins
added 2025/05/13 7:21 a.m., 4 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827

Summary: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-6827. DESCRIPTION: Gunicorn version 21.2.0 does not properly...

7.5 CVSS, 6.9 AI score, 0.00029 EPSS
Exploits: 0, Affected Software: 1
IBM Security Bulletins
added 2025/04/15 2:37 a.m., 80 views

Security Bulletin: Multiple vulnerabilities in IBM Spectrum Protect Plus Container backup and restore for Kubernetes and OpenShift

Summary: IBM Spectrum Protect Plus Container backup and restore for OpenShift can be affected by vulnerabilities in Python, OpenSSH, Golang Go, Redis, urllib3, dnspython and gunicorn. Vulnerabilities include denial of service, cross-site scripting, gain elevated privileges on the system, allow a...

9.8 CVSS, 9.9 AI score, 0.4471 EPSS
Exploits: 1, Affected Software: 1
Snyk
added 2025/03/20 12:32 p.m., 38 views

HTTP Request Smuggling

Overview: gunicorn is a Python WSGI HTTP Server for UNIX. Affected versions of this package are vulnerable to HTTP Request Smuggling due to improper validation of the Transfer-Encoding header. An attacker can manipulate session data, poison caches, or compromise data integrity by exploiting the...

8.7 CVSS, 7.8 AI score, 0.00029 EPSS
Exploits: 0, References: 2
OSV
added 2025/03/20 10:15 a.m., 6 views

CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

6.9 AI score
Exploits: 0, References: 1
Fedora
added 2025/03/17 12:16 a.m., 12 views

[SECURITY] Fedora 42 Update: python-gunicorn-23.0.0-1.fc42

Gunicorn 'Green Unicorn' is a Python WSGI HTTP Server for UNIX. It is a pre-fork worker model. The Gunicorn server is broadly compatible with various web frameworks, simply implemented, light on server resources, and fairly speedy...

7.5 CVSS, 7 AI score, 0.00085 EPSS
Exploits: 0
Tenable Nessus
added 2024/12/20 12:0 a.m., 9 views

Debian dla-3996 : gunicorn - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-3996 advisory. Debian LTS Advisory DLA-3996-1 [email protected] https://www.debian.org/lts/security/...

7.5 CVSS, 7.4 AI score, 0.00085 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2024/10/10 8:31 p.m., 1 views

python-gunicorn: HTTP Request Smuggling due to improper validation of Transfer-Encoding headers

An HTTP Request Smuggling vulnerability was found in Gunicorn. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly...

7.5 CVSS, 7.1 AI score, 0.00085 EPSS
Exploits: 0, References: 7
RedHat Linux
added 2024/09/04 2:52 p.m., 3 views

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 5.7 AI score, 0.004 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2024/09/04 2:48 p.m., 5 views

puppet-pulpcore: An authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 5.7 AI score, 0.004 EPSS
Exploits: 0, References: 4
NVD
added 2024/09/04 2:15 p.m., 35 views

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 0.004 EPSS
Exploits: 0, References: 6
Cvelist
added 2024/09/04 1:41 p.m., 31 views

CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 0.004 EPSS
Exploits: 0, References: 6
CVE
added 2024/09/04 1:41 p.m., 127 views

CVE-2024-7923

CVE-2024-7923: Authentication bypass in Pulpcore when deployed with Gunicorn

9.8 CVSS, 9.5 AI score, 0.004 EPSS
Exploits: 0, References: 6, Affected Software: 1
Vulnrichment
added 2024/09/04 1:41 p.m., 26 views

CVE-2024-7923 Puppet-pulpcore: an authentication bypass vulnerability exists in pulpcore

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 7.5 AI score, 0.004 EPSS
Exploits: 0, References: 6
RedhatCVE
added 2024/09/04 1:40 p.m., 16 views

CVE-2024-7923

An authentication bypass vulnerability has been identified in Pulpcore when deployed with Gunicorn versions prior to 22.0, due to the puppet-pulpcore configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrictions on underscores in HTTP headers,...

9.8 CVSS, 7.2 AI score, 0.004 EPSS
Exploits: 0, References: 3
F5 Networks
added 2024/08/23 2:16 a.m., 30 views

K000140787: Gunicorn vulnerability CVE-2024-1135

Security Advisory Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This iss...

7.5 CVSS, 7.8 AI score, 0.00085 EPSS
Exploits: 0
OSV
added 2024/08/12 3:40 p.m., 16 views

SUSE-SU-2024:2881-1 Security update for python-gunicorn

This update for python-gunicorn fixes the following issues: - CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers (bsc#1222950)...

7.5 CVSS, 7.2 AI score, 0.00085 EPSS
Exploits: 0, References: 3