CVE-2024-6827

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

References

Affected packages

Debian:11 / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/debian/gunicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-1

20.1.0-1+deb11u1

20.1.0-2

20.1.0-3

20.1.0-4

20.1.0-5

20.1.0-6

22.*

22.0.0-1

23.*

23.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/debian/gunicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-6

20.1.0-6+deb12u1

22.*

22.0.0-1

23.*

23.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/debian/gunicorn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

23.0.0-1

Affected versions

20.*

20.1.0-6

22.*

22.0.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}