Request Smuggling Vulnerability in Gunicorn by the Vendor
CVE-2024-6827

7.5HIGH

Key Information:

Vendor: Benoitc
Status: Benoitc/gunicorn
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-6827?

Gunicorn version 21.2.0 contains a vulnerability due to improper validation of the 'Transfer-Encoding' header as per RFC standards. This oversight allows the default fallback method of 'Content-Length' to be exploited, leading to request smuggling vulnerabilities. Such vulnerabilities may result in cache poisoning, session manipulation, data leakage, and various attacks including SSRF, XSS, and Denial of Service (DoS), ultimately compromising data integrity and allowing unauthorized security bypasses.

Affected Version(s)

benoitc/gunicorn <= unspecified

References

https://huntr.com/bounties/1b4f8f38-39da-44b6-9f98-f61863...

CVSS V3.0

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Jul 16, 2024

CVE-2024-6827 Data

JSON

Benoitc

What is CVE-2024-6827?

Affected Version(s)

References

CVSS V3.0

Timeline