14 matches found
CVE-2020-7658
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
EUVD-2020-0109
Malware in sbrugna...
spacy-http (>=0.1.0 <=0.1.1) potentially affected by CVE-2020-7658 via meinheld (=0.6.1)
meinheld PYPI version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on meinheld and may be impacted: - spacy-http =0.1.0, =0.1.1 Source cves: CVE-2020-7658 Source advisory: OSV:GHSA-63H2-9CC8-FC7M...
GHSA-63H2-9CC8-FC7M meinheld vulnerable to HTTP Request Smuggling
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
meinheld vulnerable to HTTP Request Smuggling
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
HTTP Request Smuggling
meinheld is vulnerable to HTTP request smuggling. Lack of validation in the Content-Length header and Transfer Encoding headers allowed an attacker to perform HTTP smuggling attacks which could lead to XSS attacks and poisonining a user's web-cache and allows the attacker to obtain confidential...
meinheld environment error vulnerability
meinheld is a WSGI Web Server Gateway Interface asynchronous Web server from the Japanese software developer Yutaka Matsubara. An environment error vulnerability exists in meinheld because the program does not properly parse the Content-Length and Transfer Encoding headers. An attacker could...
CVE-2020-7658
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
PYSEC-2020-239
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
Design/Logic Flaw
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
spacy-http (>=0.1.0 <=0.1.1) potentially affected by CVE-2020-7658 via meinheld (=0.6.1)
meinheld PYPI version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on meinheld and may be impacted: - spacy-http =0.1.0, =0.1.1 Source cves: CVE-2020-7658 Source advisory: OSV:PYSEC-2020-239...
PYSEC-2020-239
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
CVE-2020-7658
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing...
CVE-2020-7658
CVE-2020-7658 affects the meinheld WSGI server, vulnerable before 1.0.2 to HTTP Request Smuggling due to incorrect parsing of Content-Length and Transfer-Encoding headers. This can enable HTTP pipelining issues and request-smuggling attacks as described in connected advisories. The documents do n...