Description
gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers vulnerability in "process_headers" function in "gunicorn/http/wsgi.py" that can result in an attacker causing the server to return arbitrary HTTP headers. This vulnerability appears to have been fixed in 19.5.0.
Remediation
References
Related Vulnerabilities
WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.33)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35611)
Sqlite Out-of-bounds Write Vulnerability (CVE-2020-15358)
Drupal Other Vulnerability (CVE-2015-3232)
Drupal Improper Input Validation Vulnerability (CVE-2013-6389)