PyPI: gunicorn

CVE-2018-1000164

Safety vulnerability ID: SFTY-20180418-50233

Safety legacy ID: pyup.io-40105

Created at: Nov 6, 2025
Updated at: Nov 6, 2025

Overview

Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers

Advisory

Gunicorn 19.5.0 includes a fix for CVE-2018-1000164: gunicorn version 19.4.5 contains a CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers) vulnerability in the "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers.

Affected Package

Affecting gunicorn package, versions <19.5.0

Also affects

---

How to Fix

Upgrade gunicorn to 19.5.0 or higher.
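
Until the upgrade is deployed, an application can refuse CR, LF and NUL in its own status line and response headers before they are handed to the server. The following is an added example, not gunicorn's patch and not code from this advisory; `RejectCRLFHeaders`, `check_headers`, `demo_app` and `call` are hypothetical names, and the sample app and requests are constructed. It assumes headers reach the server through `start_response`, as WSGI requires.

```python
import re
from urllib.parse import parse_qs

# CR, LF and NUL must never appear in a status line, header name or value (CWE-113).
_FORBIDDEN = re.compile(r"[\r\n\x00]")


class HeaderInjectionError(ValueError):
    """Raised when the application hands the server a header containing CR/LF/NUL."""


def check_headers(headers):
    """Return headers unchanged, or raise if any name or value carries CR/LF/NUL."""
    for name, value in headers:
        for part in (name, value):
            text = part.decode("latin-1") if isinstance(part, bytes) else str(part)
            if _FORBIDDEN.search(text):
                raise HeaderInjectionError(f"control character in header {name!r}")
    return headers


class RejectCRLFHeaders:
    """Hypothetical WSGI middleware: validate before the server writes anything."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def guarded(status, headers, exc_info=None):
            if _FORBIDDEN.search(status):
                raise HeaderInjectionError("control character in status line")
            return start_response(status, check_headers(headers), exc_info)
        return self.app(environ, guarded)


def demo_app(environ, start_response):
    # Constructed sample app: copies a URL-decoded query value into a response header.
    lang = parse_qs(environ.get("QUERY_STRING", "")).get("lang", ["en"])[0]
    start_response("200 OK", [("Content-Type", "text/plain"), ("Content-Language", lang)])
    return [b"ok"]


def call(app, environ):
    """Drive a WSGI app once and return (status, headers, body)."""
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen["status"], seen["headers"] = status, headers
    body = b"".join(app(environ, start_response))
    return seen["status"], seen["headers"], body
```

Wrapping the application object (`application = RejectCRLFHeaders(application)`) turns a tainted header into an exception, which the server reports as an error response instead of emitting the extra header line.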

Mitigation and Workarounds

---

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
