UBUNTU-CVE-2024-6827

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-6827

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6827.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-6827

Related

CVE-2024-6827

Published

2025-03-20T10:15:00Z

Modified

2025-06-03T17:49:08Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

References

Affected packages

Ubuntu:Pro:14.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@17.5-2ubuntu0.1~esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

17.*

17.5-2

17.5-2build1

17.5-2ubuntu0.1~esm1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@19.4.5-1ubuntu1.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.0-8ubuntu1

19.4.1-1ubuntu1

19.4.5-1ubuntu1

19.4.5-1ubuntu1.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@19.7.1-4?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.7.1-3

19.7.1-4

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:20.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@20.0.4-3?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.9.0-1

19.9.0-4

20.*

20.0.0-1

20.0.2-1

20.0.4-1

20.0.4-2

20.0.4-3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@20.1.0-2?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-1

20.1.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@23.0.0-1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-6

22.*

22.0.0-1

23.*

23.0.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@20.1.0-6?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-6

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / gunicorn

Package

Name: gunicorn
Purl: pkg:deb/ubuntu/gunicorn@23.0.0-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.0.0-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}