Gunicorn fails to properly validate Transfer-Encoding headers, leading
to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests
with conflicting Transfer-Encoding headers, attackers can bypass
security restrictions and access restricted endpoints. This issue is due
to Gunicorn's handling of Transfer-Encoding headers, where it
incorrectly processes requests with multiple, conflicting
Transfer-Encoding headers, treating them as chunked regardless of the
final encoding specified. This vulnerability allows for a range of
attacks including cache poisoning, session manipulation, and data
exposure.
- https://bugs.mageia.org/show_bug.cgi?id=33146
-
- https://www.cve.org/CVERecord?id=CVE-2024-1135
- 9/core/python-gunicorn-22.0.0-1.mga9
Get the latest Linux and open source security news straight to your inbox.