Lucene search
+L

24 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Gunicorn

Gunicorn fails to properly validate Transfer-Encoding headers, resulting in HTTP Request Smuggling HRS vulnerabilities. By creating requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue arises due to Gunicorn’s...

7.5CVSS7.1AI score0.02996EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 10:21 a.m.9 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to HTTP Request Smuggling (HRS) due to gunicorn

Summary gunicorn is used by IBM watsonx Orchestrate Developer Edition as part of wxo-rag-tool image Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads ...

7.5CVSS6.3AI score0.00738EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-0076

Malware in sbrugna...

7.5CVSS7.4AI score0.02431EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1316

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.02996EPSS
Exploits0References9
Redos
Redos
added 2025/08/21 12:0 a.m.5 views

ROS-20250821-01

WSGI server gunicorn vulnerability is related to flaws in HTTP request handling. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the existing security restrictions and execute an HTTP request smuggling attack...

7.5CVSS7.4AI score0.02996EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/06/03 5:37 a.m.10 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to HTTP Request Smuggling due to Gunicorn ( CVE-2024-1135 )

Summary Gunicorn is used by IBM Cloud Pak for Data. CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP transfer-encoding headers. By sending a specially crafted HTTPS transfer-encoding...

7.5CVSS5.7AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/14 12:8 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to gunicorn-22.0.0-py3-none-any.whl CVE-2024-6827. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-6827 DESCRIPTION: Gunicorn version 21.2.0 does not properly...

7.5CVSS6.4AI score0.00738EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/09 12:22 p.m.9 views

Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service [CVE-2024-6827, CVE-2025-1194]

Summary Python modules gunicorn and transformers are used by IBM App Connect Enterprise Certified Container when providing mapping assistance. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use mapping assistance are vulnerable to denial of service. This bulletin...

7.5CVSS4.5AI score0.00738EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/05 7:0 p.m.11 views

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 1.0(CPDS 1.0)[CVE-2024-1135].

Summary The gunicorn package is used by IBM Cloud Pak for Data System 1.0. IBM Cloud Pak for Data System 1.0 has addressed the applicable CVE CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

7.5CVSS5.6AI score0.02996EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2025/03/27 12:0 a.m.17 views

openSUSE Security Advisory (SUSE-SU-2025:1008-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00738EPSS
Exploits0References4
OSV
OSV
added 2025/03/20 12:32 p.m.11 views

GHSA-HC5X-X2VX-497G Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS6.9AI score0.00738EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/03/20 12:32 p.m.66 views

Gunicorn HTTP Request/Response Smuggling vulnerability

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS6.5AI score0.00738EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/03/20 10:15 a.m.9 views

CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS0.00738EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.15 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS0.00738EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/03/20 10:9 a.m.8 views

CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS7.2AI score0.00738EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.10 views

CVE-2024-6827 HTTP Request Smuggling in benoitc/gunicorn

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data...

7.5CVSS7.5AI score0.00738EPSS
Exploits0References1
CVE
CVE
added 2025/03/20 10:9 a.m.263 views

CVE-2024-6827

CVE-2024-6827 affects Gunicorn 21.2.0 where Transfer-Encoding is not properly validated, causing fallback to Content-Length and TE.CL HTTP request smuggling. This can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, and data integrity issues. Root cause: improper vali...

7.5CVSS6.7AI score0.00738EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:43 p.m.15 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in Gunicorn

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of Gunicorn Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting...

7.5CVSS7.5AI score0.02996EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/25 1:3 p.m.12 views

Security Bulletin: Vulnerability in gunicorn affects IBM Cloud Pak for Data System 2.0 (CPDS 2.0) [CVE-2024-1135]

Summary The gunicorn package is used by IBM Cloud Pak for Data System 2.0 . IBM Cloud Pak for Data System 2.0 has addressed the applicable CVEs CVE-2024-1135. Vulnerability Details CVEID:CVE-2024-1135 DESCRIPTION: Gunicorn is vulnerable to HTTP request smuggling, caused by improper parsing of the...

7.5CVSS5.6AI score0.02996EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2024/04/18 2:31 a.m.5 views

SUSE CVE-2024-1135

Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling HRS vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handli...

7.4CVSS9.4AI score0.02996EPSS
Exploits0References5
Rows per page
Query Builder