PYSEC-2020-239

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/meinheld/PYSEC-2020-239.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-239
Aliases
Published
2020-05-22T16:15:00Z
Modified
2024-04-22T22:56:30.919375Z
Summary
[none]
Details

meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect parsing of the Content-Length and Transfer-Encoding headers.

References

Affected packages

PyPI / meinheld

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.0.2

Affected versions

0.*

0.1
0.1.1
0.1.2
0.2
0.2.1
0.3
0.3.1
0.3.2
0.3.3
0.4
0.4.1
0.4.2
0.4.3
0.4.4
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.4.10
0.4.11
0.4.12
0.4.13
0.4.14
0.4.15
0.5
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.6.0
0.6.1

1.*

1.0.0
1.0.1