CVE-2018-1000164
Description
gunicorn version 19.4.5 contains a CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers) vulnerability in the process_headers function in gunicorn/http/wsgi.py that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.484
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2018-1000164 are fixed in Python-gunicorn 19.5.0 | Windows |
| Python HTTP/WSGI server (USN-4022-1) gunicorn_19.4.5-1ubuntu1.1_all.deb | Linux |
| Python HTTP/WSGI server (USN-4022-1) gunicorn3_19.4.5-1ubuntu1.1_all.deb | Linux |
| Python HTTP/WSGI server (USN-4022-1) python-gunicorn_19.4.5-1ubuntu1.1_all.deb | Linux |
| Python HTTP/WSGI server (USN-4022-1) python3-gunicorn_19.4.5-1ubuntu1.1_all.deb | Linux |
| gunicorn security update (DSA-4186-1) gunicorn_19.0-1+deb8u1_all.deb | Linux |
| Vulnerabilities CVE-2018-1000164 are fixed in Python-gunicorn for linux 19.5.0 | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234