CVE-2018-1000164

CVSS v3 Score: 7.5 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in the "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.

CVSS: 7.5 (High)

cPanel before 57.9999.105 allows newline injection via LOC records (CPANEL-6923).

CWE-93, 2016
CVSS: 7.5 (High)

An Improper Neutralization of CRLF Sequences vulnerability in Open Build Service allows remote attackers to cause deletion of directories by tricking obs-service-refresh_patches to delete them. Affecte...

CWE-93, 2018
CVSS: 7.5 (High)

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

CWE-93, 2018
CVSS: 7.5 (High)

Domoticz before 4.10579 neglects to categorize \n and \r as insecure argument options.

CWE-93, 2019
CVSS: 7.5 (High)

Apache Unomi prior to version 1.5.5 allows CRLF log injection because of the lack of escaping in the log statements.

CWE-93, 2021
CVSS: 7.5 (High)

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. This vulnerability was the result of insufficient validation of HTTP head...

CWE-93, 2023