Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
HTTP Request Smuggling in benoitc/gunicorn
Vulnerability Description
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
CVSS Information
N/A
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Gunicorn 环境问题漏洞
Vulnerability Description
Gunicorn是Gunicorn开源的一个 Python Web 服务器网关接口 HTTP 服务器。 Gunicorn存在环境问题漏洞,该漏洞源于无法正确验证 Transfer-Encoding标头,造成HTTP请求走私(HRS)攻击。
CVSS Information
N/A
Vulnerability Type
N/A