GHSA-vcph-37mh-fqrh

Source
https://github.com/advisories/GHSA-vcph-37mh-fqrh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-vcph-37mh-fqrh/GHSA-vcph-37mh-fqrh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vcph-37mh-fqrh
Aliases
Published
2023-03-07T18:30:39Z
Modified
2023-12-06T00:47:53.738052Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Apache HTTP Server via mod_proxy_uwsgi HTTP response smuggling
Details

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server from 2.4.30 through 2.4.55 and the uWSGI PyPI package prior to version 2.0.22. Special characters in the origin response header can truncate/split the response forwarded to the client.

References

Affected packages

PyPI / uwsgi

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.0.22

Affected versions

1.*

1.4.9
1.4.10
1.9
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
1.9.10
1.9.11
1.9.12
1.9.13
1.9.14
1.9.15
1.9.16
1.9.17
1.9.17.1
1.9.18
1.9.18.1
1.9.18.2
1.9.19
1.9.20
1.9.21
1.9.21.1

2.*

2.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.5.1
2.0.6
2.0.7
2.0.8
2.0.9
2.0.10
2.0.11
2.0.11.1
2.0.11.2
2.0.12
2.0.13
2.0.13.1
2.0.14
2.0.15
2.0.16
2.0.17
2.0.17.1
2.0.18
2.0.19
2.0.19.1
2.0.20
2.0.21