CVE-2020-7658 – meinheld

Package

Manager: pip
Name: meinheld
Vulnerable Version: >=0 <1.0.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

EPSS: 0.00238 pctl0.46819

Details

meinheld vulnerable to HTTP Request Smuggling meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.

Metadata

Created: 2022-05-24T17:18:38Z
Modified: 2024-09-25T19:43:34Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-63h2-9cc8-fc7m/GHSA-63h2-9cc8-fc7m.json
CWE IDs: ["CWE-444"]
Alternative ID: GHSA-63h2-9cc8-fc7m
Finding: F110
Auto approve: 1