Arbitrary HTTP Headers Injection in gunicorn version 19.4.5

CVE-2018-1000164 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

gunicorn version 19.4.5 contains a CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers) vulnerability in the "process_headers" function in "gunicorn/http/wsgi.py" that can allow an attacker to cause the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
