Gunicorn: >> Gunicorn Security Vulnerabilities
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
CVSS Score
7.5
EPSS Score
0.013
Published
2018-04-18