2 matches found
CVE-2020-7695
CVE-2020-7695 affects Uvicorn before 0.11.7. The issue is an HTTP response splitting vulnerability where CRLF sequences are not escaped in header values, allowing an attacker to inject arbitrary headers or even craft an arbitrary response body when input is used to build HTTP headers. The availab...
CVE-2020-7694
This CVE affects all versions of Uvicorn. The request logger is vulnerable to ANSI escape sequence injection: when handling HTTP requests, the logger logs the URL after urllib.parse.unquote processes percent-encoded characters, enabling special-meaning ANSI codes to affect terminal emulators disp...