Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
PYSEC-2020-239
Vulnerability from pysec - Published: 2020-05-22 16:15 - Updated: 2021-08-27 03:22
VLAI
Details
meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.
Impacted products
| Name | purl | meinheld | pkg:pypi/meinheld |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "meinheld",
"purl": "pkg:pypi/meinheld"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1",
"0.1.1",
"0.1.2",
"0.2",
"0.2.1",
"0.3",
"0.3.1",
"0.3.2",
"0.3.3",
"0.4",
"0.4.1",
"0.4.10",
"0.4.11",
"0.4.12",
"0.4.13",
"0.4.14",
"0.4.15",
"0.4.2",
"0.4.3",
"0.4.4",
"0.4.5",
"0.4.6",
"0.4.7",
"0.4.8",
"0.4.9",
"0.5",
"0.5.1",
"0.5.2",
"0.5.3",
"0.5.4",
"0.5.5",
"0.5.6",
"0.5.7",
"0.5.8",
"0.5.9",
"0.6.0",
"0.6.1",
"1.0.0",
"1.0.1"
]
}
],
"aliases": [
"CVE-2020-7658",
"SNYK-PYTHON-MEINHELD-569140",
"GHSA-63h2-9cc8-fc7m"
],
"details": "meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.",
"id": "PYSEC-2020-239",
"modified": "2021-08-27T03:22:06.793758Z",
"published": "2020-05-22T16:15:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/mopemope/meinheld/blob/master/CHANGES.rst,"
},
{
"type": "ADVISORY",
"url": "https://snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-63h2-9cc8-fc7m"
}
]
}