gunicorn

Latest secure version 26.0.0

WSGI HTTP Server for UNIX

MIT

Known vulnerabilities and security issues detected in the extension's dependencies and code.

Vulnerability ID	Advisory				Affected Versions
CVE-2024-6827	Affected versions of the gunicorn package are vulnerable to HTTP Request/Response Smuggling due to improper validation of the Transfer-Encoding header that enables a TE.CL desynchronisation condition.…	High	–	–	<22.0.0
CVE-2024-1135	Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can b…	High	–	–	>=0.10.0,<22.0.0
CVE-2018-1000164	Gunicorn 19.5.0 includes a fix for CVE-2018-1000164: gunicorn version 19.4.5 contains a CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function …	High	–	–	<19.5.0

Additional security issues found by Safety, exclusive to our platform.

Safety discovered vulnerability data is available for Enterprise customers

Book a call with us to see Safety in action.

Functions linked to known vulnerabilities in this package.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.