Vulnerabilites related to benoitc - benoitc/gunicorn
cve-2024-1135
Vulnerability from cvelistv5
Published
2024-04-16 00:00
Modified
2025-02-13 17:27
Severity ?
EPSS score ?
Summary
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| benoitc | benoitc/gunicorn |
Version: unspecified < |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:benoitc:gunicorn:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gunicorn", vendor: "benoitc", versions: [ { status: "affected", version: "*", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-1135", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-19T17:32:23.631972Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:59:56.871Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-12-20T07:02:46.961Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", }, { url: "https://lists.debian.org/debian-lts-announce/2024/12/msg00018.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "benoitc/gunicorn", vendor: "benoitc", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-30T23:06:05.937Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1", }, { url: "https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html", }, ], source: { advisory: "22158e34-cfd5-41ad-97e0-a780773d96c1", discovery: "EXTERNAL", }, title: "HTTP Request Smuggling in benoitc/gunicorn", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-1135", datePublished: "2024-04-16T00:00:14.938Z", dateReserved: "2024-01-31T18:15:14.296Z", dateUpdated: "2025-02-13T17:27:34.444Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6827
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-03-20 18:32
Severity ?
EPSS score ?
Summary
Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| benoitc | benoitc/gunicorn |
Version: unspecified < |
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-6827", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T17:52:37.458445Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T18:32:51.799Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "benoitc/gunicorn", vendor: "benoitc", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-444", description: "CWE-444 Inconsistent Interpretation of HTTP Requests", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:09:55.725Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f618639d0dd7", }, ], source: { advisory: "1b4f8f38-39da-44b6-9f98-f618639d0dd7", discovery: "EXTERNAL", }, title: "HTTP Request Smuggling in benoitc/gunicorn", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6827", datePublished: "2025-03-20T10:09:55.725Z", dateReserved: "2024-07-16T23:32:47.872Z", dateUpdated: "2025-03-20T18:32:51.799Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }