24 matches found
Astra Linux – Vulnerability in Gunicorn
Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...
Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn
Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...
EUVD-2018-0076
Malware in sbrugna...
EUVD-2024-1316
Malicious code in bioql PyPI...
ROS-20250821-01
WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )
Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]
Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...
Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-1135].
Summary The gunicorn package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...
openSUSE Security Advisory (SUSE-SU-2025:1008-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-HC5X-X2VX-497G Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
Gunicorn HTTP Request/Response Smuggling vulnerability
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...
CVE-2024-6827
CVE-2024-6827 affects Gunicorn 21.2.0 where Transfer-Encoding is not properly validated, causing fallback to Content-Length and TE.CL HTTP request smuggling. This can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, and data integrity issues. Root cause: improper vali...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...
Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1135]
Summary The gunicorn package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...
SUSE CVE-2024-1135
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...