Vulnerability Information
Vulnerability Title
HTTP Request Smuggling in benoitc/gunicorn
Vulnerability Description
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
CVSS Information
N/A
Vulnerability Type
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Vulnerability Title
Gunicorn Environment Issue Vulnerability
Vulnerability Description
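Gunicorn is an open-source Python Web Server Gateway Interface HTTP server from Gunicorn. Gunicorn version 21.2.0 has an environment issue vulnerability that stems from improper validation of the Transfer-Encoding header and may lead to request smuggling attacks.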
CVSS Information
N/A
Vulnerability Type
N/A
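The framing decision described above, as an added example for defenders; it is not Gunicorn's code. The function names are hypothetical and the header samples are constructed. `lenient_framing` models the fallback to Content-Length, and `strict_framing` rejects ambiguous framing, deliberately accepting only a bare `chunked` coding, which is stricter than the RFC requires.

```python
class FramingError(ValueError):
    """Ambiguous request framing; the caller should answer 400 and close."""

def _values(headers, name):
    """All values of a header, matched case-insensitively."""
    return [v.strip() for k, v in headers if k.lower() == name]

def lenient_framing(headers):
    """Models the flaw: an unrecognized Transfer-Encoding is ignored
    and the body length silently falls back to Content-Length."""
    te = _values(headers, "transfer-encoding")
    if any(v.lower() == "chunked" for v in te):
        return ("chunked", None)
    cl = _values(headers, "content-length")
    return ("length", int(cl[0]) if cl else 0)

def strict_framing(headers):
    """Hardened: refuse anything two HTTP parsers could read differently."""
    te = _values(headers, "transfer-encoding")
    cl = _values(headers, "content-length")
    if te:
        codings = [c.strip().lower() for v in te for c in v.split(",")]
        if codings != ["chunked"]:  # policy choice: only bare "chunked"
            raise FramingError(f"unsupported Transfer-Encoding: {te!r}")
        if cl:
            raise FramingError("Transfer-Encoding and Content-Length both set")
        return ("chunked", None)
    if len(set(cl)) > 1:
        raise FramingError("conflicting Content-Length values")
    if cl and not (cl[0].isascii() and cl[0].isdigit()):
        raise FramingError(f"invalid Content-Length: {cl[0]!r}")
    return ("length", int(cl[0]) if cl else 0)

# Constructed sample header sets (not taken from the advisory).
SAMPLES = {
    "plain": [("Content-Length", "5")],
    "chunked": [("Transfer-Encoding", "chunked")],
    "unrecognized_te": [("Transfer-Encoding", "unrecognized-coding"),
                        ("Content-Length", "5")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        try:
            verdict = strict_framing(hdrs)
        except FramingError as exc:
            verdict = f"rejected: {exc}"
        print(f"{name}: lenient={lenient_framing(hdrs)} strict={verdict}")
```

A front-end proxy that honours the Transfer-Encoding header and a back end that behaves like `lenient_framing` disagree on where the third sample's body ends; rejecting the request outright removes that disagreement.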