{"id":"PYSEC-2020-239","details":"meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing.","aliases":["CVE-2020-7658","GHSA-63h2-9cc8-fc7m","SNYK-PYTHON-MEINHELD-569140"],"modified":"2024-04-22T22:56:30.919375Z","published":"2020-05-22T16:15:00Z","references":[{"type":"WEB","url":"https://github.com/mopemope/meinheld/blob/master/CHANGES.rst,"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-PYTHON-MEINHELD-569140"}],"affected":[{"package":{"name":"meinheld","ecosystem":"PyPI","purl":"pkg:pypi/meinheld"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.0.2"}]}],"versions":["0.1","0.1.1","0.1.2","0.2","0.2.1","0.3","0.3.1","0.3.2","0.3.3","0.4","0.4.1","0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","1.0.0","1.0.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/meinheld/PYSEC-2020-239.yaml"}}],"schema_version":"1.7.3"}