CVE-2018-1000164: CRLF Injection
(updated )
gunicorn allows the injection of CRLF Sequences in HTTP Headers vulnerability in process_headers
function in gunicorn/http/wsgi.py
that can result in an attacker causing the server to return arbitrary HTTP headers.
References
Detect and mitigate CVE-2018-1000164 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →