Vulnerability Information
Vulnerability Title
HTTP Request Smuggling in benoitc/gunicorn
Vulnerability Description
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards. As a result, it falls back by default to 'Content-Length', which makes it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
CVSS Information
N/A
Vulnerability Type
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
Vulnerability Title
Gunicorn Environment Issue Vulnerability
Vulnerability Description
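Gunicorn is an open-source Python Web Server Gateway Interface HTTP server from Gunicorn. Gunicorn version 21.2.0 has an environment issue vulnerability that stems from improper validation of the Transfer-Encoding header and may lead to request smuggling attacks.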
CVSS Information
N/A
Vulnerability Type
N/A
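Added example (not Gunicorn's code or its patch): a strict body-framing decision of the kind the descriptions above call for, where a Transfer-Encoding value that is not understood causes rejection instead of a fallback to Content-Length. The names `body_framing`, `is_rejected` and `FramingError` and the sample headers are constructed for illustration; rejecting requests that carry both headers is a policy choice of this example.

```python
class FramingError(ValueError):
    """Framing headers are invalid or ambiguous; reject and close the connection."""

OWS = " \t"  # optional whitespace around field values is SP and HTAB only

def body_framing(headers):
    """Decide how a request body is delimited.

    headers: list of (name, value) pairs from the parsed request head.
    Returns ("chunked", None), ("length", n) or ("none", 0).
    Never falls back from an unusable Transfer-Encoding to Content-Length.
    """
    te = [v for k, v in headers if k.lower() == "transfer-encoding"]
    cl = [v for k, v in headers if k.lower() == "content-length"]
    if te:
        if cl:
            raise FramingError("both Transfer-Encoding and Content-Length present")
        codings = []
        for value in te:
            if not value.isascii():  # Unicode case folding can fake "chunked"
                raise FramingError("non-ASCII Transfer-Encoding value")
            codings += [c.strip(OWS).lower() for c in value.split(",")]
        if codings != ["chunked"]:  # this example supports chunked only
            raise FramingError("unsupported Transfer-Encoding: %r" % codings)
        return ("chunked", None)
    if cl:
        lengths = {v.strip(OWS) for v in cl}
        if len(lengths) != 1:
            raise FramingError("conflicting Content-Length values")
        (length,) = lengths
        if not (length.isascii() and length.isdigit()):
            raise FramingError("malformed Content-Length: %r" % length)
        return ("length", int(length))
    return ("none", 0)

def is_rejected(headers):
    """True when body_framing refuses the header set."""
    try:
        body_framing(headers)
    except FramingError:
        return True
    return False

# Constructed header sets, not taken from the advisory.
UNKNOWN_TE = [("Host", "app.example"), ("Transfer-Encoding", "x-unknown"),
              ("Content-Length", "4")]
VALID_TE = [("Host", "app.example"), ("Transfer-Encoding", "chunked")]
```

A front-end proxy and the application server need to apply the same decision; the smuggling risk comes from the two disagreeing about where a body ends.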