Descriptiongunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having low severity.
|National Vulnerability Database|
- openSUSE-SU-2018:0965-1, published Tue, 17 Apr 2018 03:08:20 +0200 (CEST)
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Leap 42.3|| ||Patchnames: