UBUNTU-CVE-2024-6827

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2024-6827
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-6827.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-6827
Related
Published
2025-03-20T10:15:00Z
Modified
2025-04-23T15:11:36Z
Summary
[none]
Details

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

References

Affected packages

Ubuntu:Pro:14.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@17.5-2ubuntu0.1~esm1?arch=source&distro=esm-infra-legacy/trusty

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

17.*

17.5-2
17.5-2build1
17.5-2ubuntu0.1~esm1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@19.4.5-1ubuntu1.1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.0-8ubuntu1
19.4.1-1ubuntu1
19.4.5-1ubuntu1
19.4.5-1ubuntu1.1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@19.7.1-4?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.7.1-3
19.7.1-4

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@20.0.4-3?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

19.*

19.9.0-1
19.9.0-4

20.*

20.0.0-1
20.0.2-1
20.0.4-1
20.0.4-2
20.0.4-3

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@20.1.0-2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-1
20.1.0-2

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@23.0.0-1?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-6

22.*

22.0.0-1

23.*

23.0.0-1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@20.1.0-6?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

20.*

20.1.0-6

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / gunicorn

Package

Name
gunicorn
Purl
pkg:deb/ubuntu/gunicorn@23.0.0-1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

23.*

23.0.0-1

Ecosystem specific 

{
    "ubuntu_priority": "medium"
}