Version 23.0.0

gunicorn

gunicorn 'Green Unicorn' is a WSGI HTTP Server for UNIX, fast clients and sleepy applications.

Install Instructions

    pip install gunicorn

Current Version Release Date: August 10, 2024
Language: Python
Package URL (purl): pkg:pip/gunicorn@23.0.0


gunicorn Vulnerabilities

CVE               CVSS Score  CWE(s)   EPSS Score  EPSS %   Impacted Versions
CVE-2018-1000164  High 7.5    CWE-93   0.00491     0.76794  19.0.0–19.4.5, 18.0, 17.5, 0.1–0.17.4
CVE-2024-1135     High 7.5    CWE-444  0.00043     0.10302  21.0.0–21.2.0, 20.0.0–20.1.0, 19.0.0–19.10.0, 18.0, 17.5, 0.1–0.17.4

gunicorn Vulnerability Remediation Guidance

CVE-2024-1135
  Description: Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.
  Impacted versions (partial list): 19.2.0, 20.0.2, 21.2.0, 21.0.1, 19.4.3, 19.8.1, 20.0.1, 19.5.0
  Fix: Major upgrade → 22.0.0

CVE-2018-1000164
  Description: gunicorn version 19.4.5 contains a CWE-113 (Improper Neutralization of CRLF Sequences in HTTP Headers) vulnerability in the "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
  Impacted versions (partial list): 19.2.0, 19.4.3, 19.1.1, 19.4.1, 0.14.6, 0.17.1, 0.15.0, 17.5
  Fix: Major upgrade → 22.0.0
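Added example, not gunicorn's own code and not the 22.0.0 fix itself: a strict body-framing check that rejects the conflicting Transfer-Encoding combinations the CVE-2024-1135 description refers to, instead of treating the request as chunked. The header tuples, the `BadRequest` class and the function names are constructed here for illustration.

```python
import re
from typing import Iterable, List, Tuple

# Constructed representation: each header line as a (name, value) tuple.
Header = Tuple[str, str]


class BadRequest(ValueError):
    """Raised when the request must be rejected rather than parsed."""


def transfer_codings(headers: Iterable[Header]) -> List[str]:
    """Collect every Transfer-Encoding coding, in order, across all header lines."""
    codings: List[str] = []
    for name, value in headers:
        if name.lower() == "transfer-encoding":
            codings.extend(c.strip().lower() for c in value.split(",") if c.strip())
    return codings


def body_framing(headers: Iterable[Header]) -> str:
    """Decide how the body is delimited: 'chunked', 'content-length' or 'none'.

    Any ambiguity (duplicate or conflicting headers) is a hard reject, because
    picking one interpretation is what lets a front-end proxy and the back-end
    disagree about where one request ends and the next begins.
    """
    headers = list(headers)
    te_lines = [v for n, v in headers if n.lower() == "transfer-encoding"]
    cl_lines = [v.strip() for n, v in headers if n.lower() == "content-length"]

    if len(te_lines) > 1:
        raise BadRequest("multiple Transfer-Encoding headers")
    if te_lines:
        codings = transfer_codings(headers)
        if not codings:
            raise BadRequest("empty Transfer-Encoding header")
        if codings.count("chunked") != 1 or codings[-1] != "chunked":
            # RFC 7230 section 3.3.3: a request whose final coding is not
            # chunked has no reliable length and must be rejected, not guessed.
            raise BadRequest("Transfer-Encoding must end with a single chunked coding")
        if cl_lines:
            raise BadRequest("Transfer-Encoding and Content-Length both present")
        return "chunked"
    if cl_lines:
        if len(set(cl_lines)) > 1 or not re.fullmatch(r"[0-9]+", cl_lines[0]):
            raise BadRequest("invalid or conflicting Content-Length")
        return "content-length"
    return "none"
```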


Dependencies

Packages using versions of gunicorn affected by its vulnerabilities

Dependent Packages
packaging
importlib-metadata; python_version < "3.8"
eventlet!=0.36.0,>=0.24.1; extra == "eventlet"
gevent>=1.4.0; extra == "gevent"
setproctitle; extra == "setproctitle"
gevent; extra == "testing"
eventlet; extra == "testing"
coverage; extra == "testing"
pytest; extra == "testing"
pytest-cov; extra == "testing"
tornado>=0.2; extra == "tornado"