Download
| Alert*
oval:org.secpod.oval:def:70315
gunicorn: Python HTTP/WSGI server Gunicorn could allow cross-site scripting attacks. oval:org.secpod.oval:def:705819 gunicorn: Python HTTP/WSGI server Gunicorn could allow cross-site scripting attacks. oval:org.secpod.oval:def:1900172 gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLFSequences in HTTP Headers vulnerability in "process_headers" function in"gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have be enfixed ... oval:org.secpod.oval:def:603375 It was discovered that gunicorn, an event-based HTTP/WSGI server was susceptible to HTTP Response splitting. |