[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-1135":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":30,"downstream":31,"duplicates":56,"related":57,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":79,"kevs":121,"epss":122,"epss_history":125,"metrics":392,"affected":404},"CVE-2024-1135","Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's handling of Transfer-Encoding headers, where it incorrectly processes requests with multiple, conflicting Transfer-Encoding headers, treating them as chunked regardless of the final encoding specified. This vulnerability allows for a range of attacks including cache poisoning, session manipulation, and data exposure.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[29],"GHSA-w3h3-4rj7-4ph4",[],[32,34,36,38,40,42,44,46,48,50,52,54],{"_key":33},"SUSE-SU-2024:1440-1",{"_key":35},"SUSE-SU-2024:2881-1",{"_key":37},"DLA-3851-1",{"_key":39},"DLA-3996-1",{"_key":41},"MGASA-2024-0236",{"_key":43},"DEBIAN-CVE-2024-1135",{"_key":45},"UBUNTU-CVE-2024-1135",{"_key":47},"RHSA-2024:2727",{"_key":49},"RHSA-2024:3781",{"_key":51},"RHSA-2024:4054",{"_key":53},"RHSA-2025:1335",{"_key":55},"RHSA-2024:7987",[],[58,59,60,61,63,65],{"_key":41},{"_key":33},{"_key":35},{"_key":62},"CGA-3R6V-5HCR-7H4M",{"_key":64},"CGA-47Q9-2W9J-Q9GQ",{"_key":66},"CGA-F67W-874Q-WH5V","2024-04-16T00:00:14.938Z","2025-02-13T17:27:34.444Z","Deferred",{"cisa_kev":71,"cisa_ransomware":71,"cisa_vendor":9,"epss_severity":72,"epss_score":73,"severity":74,"severity_score":75,"severity_version":76,"severity_source":77,"severity_vector":78,"severity_status":69},false,"low",0.00085,"high",7.5,"v3.0","cve.org","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[80,87,91,95,100,104,108,112,117],{"url":81,"sources":82,"tags":85},"https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1",[77,83,84],"nvd","osv_pypi",[86],"WEB",{"url":88,"sources":89,"tags":90},"https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html",[77,83,84],[86],{"url":92,"sources":93,"tags":94},"https://lists.debian.org/debian-lts-announce/2024/12/msg00018.html",[77,83,84],[86],{"url":96,"sources":97,"tags":98},"https://nvd.nist.gov/vuln/detail/CVE-2024-1135",[84],[99],"Advisory",{"url":101,"sources":102,"tags":103},"https://github.com/benoitc/gunicorn/issues/3091",[84],[86],{"url":105,"sources":106,"tags":107},"https://github.com/benoitc/gunicorn/pull/3113",[84],[86],{"url":109,"sources":110,"tags":111},"https://github.com/benoitc/gunicorn/commit/ac29c9b0a758d21f1e0fb3b3457239e523fa9f1d",[84],[86],{"url":113,"sources":114,"tags":115},"https://github.com/benoitc/gunicorn",[84],[116],"PACKAGE",{"url":118,"sources":119,"tags":120},"https://github.com/benoitc/gunicorn/releases/tag/22.0.0",[84],[86],[],{"date":123,"score":73,"percentile":124},"2026-06-04",0.24611,[126,130,133,136,139,142,145,148,151,154,157,160,163,166,169,173,176,178,181,184,186,189,192,195,198,201,204,207,210,212,214,217,220,222,225,228,231,234,237,240,243,246,249,252,255,258,261,264,267,270,273,276,279,282,285,288,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,369,372,375,378,381,384,386,389],{"date":127,"score":128,"percentile":129},"2025-11-04",0.0004,0.11531,{"date":131,"score":128,"percentile":132},"2025-11-05",0.11557,{"date":134,"score":128,"percentile":135},"2025-11-06",0.11669,{"date":137,"score":128,"percentile":138},"2025-11-07",0.11683,{"date":140,"score":128,"percentile":141},"2025-11-08",0.11696,{"date":143,"score":128,"percentile":144},"2025-11-09",0.11666,{"date":146,"score":128,"percentile":147},"2025-11-10",0.11615,{"date":149,"score":128,"percentile":150},"2025-11-11",0.11639,{"date":152,"score":128,"percentile":153},"2025-11-12",0.11667,{"date":155,"score":128,"percentile":156},"2025-11-13",0.11692,{"date":158,"score":128,"percentile":159},"2025-11-14",0.11705,{"date":161,"score":128,"percentile":162},"2025-11-15",0.11706,{"date":164,"score":128,"percentile":165},"2025-11-16",0.11703,{"date":167,"score":128,"percentile":168},"2025-11-17",0.11679,{"date":170,"score":171,"percentile":172},"2025-11-18",0.00325,0.52505,{"date":174,"score":171,"percentile":175},"2025-11-19",0.52517,{"date":177,"score":171,"percentile":172},"2025-11-20",{"date":179,"score":128,"percentile":180},"2025-11-21",0.11709,{"date":182,"score":128,"percentile":183},"2025-11-22",0.11717,{"date":185,"score":128,"percentile":180},"2025-11-23",{"date":187,"score":128,"percentile":188},"2025-11-24",0.1166,{"date":190,"score":128,"percentile":191},"2025-11-25",0.11663,{"date":193,"score":128,"percentile":194},"2025-11-26",0.11655,{"date":196,"score":128,"percentile":197},"2025-11-27",0.11661,{"date":199,"score":128,"percentile":200},"2025-11-28",0.11654,{"date":202,"score":128,"percentile":203},"2025-11-29",0.11609,{"date":205,"score":128,"percentile":206},"2025-11-30",0.1161,{"date":208,"score":128,"percentile":209},"2025-12-01",0.11646,{"date":211,"score":128,"percentile":194},"2025-12-02",{"date":213,"score":128,"percentile":191},"2025-12-03",{"date":215,"score":128,"percentile":216},"2025-12-04",0.11653,{"date":218,"score":128,"percentile":219},"2025-12-05",0.11687,{"date":221,"score":128,"percentile":141},"2025-12-06",{"date":223,"score":128,"percentile":224},"2025-12-07",0.11686,{"date":226,"score":128,"percentile":227},"2025-12-08",0.117,{"date":229,"score":128,"percentile":230},"2025-12-09",0.11756,{"date":232,"score":128,"percentile":233},"2025-12-10",0.11821,{"date":235,"score":128,"percentile":236},"2025-12-11",0.11853,{"date":238,"score":128,"percentile":239},"2025-12-12",0.11883,{"date":241,"score":128,"percentile":242},"2025-12-13",0.119,{"date":244,"score":128,"percentile":245},"2025-12-14",0.11887,{"date":247,"score":128,"percentile":248},"2025-12-15",0.11834,{"date":250,"score":128,"percentile":251},"2025-12-16",0.1182,{"date":253,"score":128,"percentile":254},"2025-12-17",0.11908,{"date":256,"score":128,"percentile":257},"2025-12-18",0.11956,{"date":259,"score":128,"percentile":260},"2025-12-19",0.11968,{"date":262,"score":128,"percentile":263},"2025-12-20",0.11973,{"date":265,"score":128,"percentile":266},"2025-12-21",0.11952,{"date":268,"score":128,"percentile":269},"2025-12-22",0.11918,{"date":271,"score":128,"percentile":272},"2025-12-23",0.1192,{"date":274,"score":128,"percentile":275},"2025-12-24",0.11929,{"date":277,"score":128,"percentile":278},"2025-12-25",0.12001,{"date":280,"score":128,"percentile":281},"2025-12-26",0.11984,{"date":283,"score":128,"percentile":284},"2025-12-27",0.11991,{"date":286,"score":128,"percentile":287},"2025-12-28",0.11976,{"date":289,"score":128,"percentile":290},"2025-12-29",0.11907,{"date":292,"score":128,"percentile":293},"2025-12-30",0.11882,{"date":295,"score":128,"percentile":296},"2025-12-31",0.11921,{"date":298,"score":128,"percentile":299},"2026-01-01",0.11955,{"date":301,"score":128,"percentile":302},"2026-01-02",0.11938,{"date":304,"score":128,"percentile":305},"2026-01-03",0.11911,{"date":307,"score":128,"percentile":308},"2026-01-04",0.11837,{"date":310,"score":128,"percentile":311},"2026-01-05",0.11797,{"date":313,"score":128,"percentile":314},"2026-01-06",0.11806,{"date":316,"score":128,"percentile":317},"2026-01-07",0.11841,{"date":319,"score":128,"percentile":320},"2026-01-08",0.1189,{"date":322,"score":128,"percentile":323},"2026-01-09",0.11915,{"date":325,"score":128,"percentile":326},"2026-01-10",0.11928,{"date":328,"score":128,"percentile":329},"2026-01-11",0.11901,{"date":331,"score":128,"percentile":332},"2026-01-12",0.11873,{"date":334,"score":128,"percentile":335},"2026-01-13",0.11845,{"date":337,"score":128,"percentile":338},"2026-01-14",0.11904,{"date":340,"score":128,"percentile":341},"2026-01-15",0.11909,{"date":343,"score":128,"percentile":344},"2026-01-16",0.11951,{"date":346,"score":128,"percentile":347},"2026-01-17",0.11963,{"date":349,"score":128,"percentile":350},"2026-01-18",0.1191,{"date":352,"score":128,"percentile":353},"2026-01-19",0.1185,{"date":355,"score":128,"percentile":356},"2026-01-20",0.11832,{"date":358,"score":128,"percentile":359},"2026-01-21",0.11811,{"date":361,"score":128,"percentile":362},"2026-01-22",0.11793,{"date":364,"score":128,"percentile":365},"2026-01-23",0.11881,{"date":367,"score":128,"percentile":368},"2026-01-24",0.11936,{"date":370,"score":128,"percentile":371},"2026-01-25",0.11888,{"date":373,"score":128,"percentile":374},"2026-01-26",0.11836,{"date":376,"score":128,"percentile":377},"2026-01-27",0.11823,{"date":379,"score":128,"percentile":380},"2026-01-28",0.11814,{"date":382,"score":128,"percentile":383},"2026-01-29",0.11787,{"date":385,"score":128,"percentile":314},"2026-01-30",{"date":387,"score":128,"percentile":388},"2026-01-31",0.11827,{"date":390,"score":128,"percentile":391},"2026-02-01",0.11826,[393,398,400],{"source":77,"cvss_v2_0":9,"cvss_v3_0":394,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":75,"baseSeverity":395,"vectorString":78,"impactScore":396,"exploitabilityScore":397},"HIGH",6,10,{"source":83,"cvss_v2_0":9,"cvss_v3_0":399,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":75,"baseSeverity":395,"vectorString":78,"impactScore":396,"exploitabilityScore":397},{"source":84,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":401,"cvss_v4_0":9},{"baseScore":402,"baseSeverity":9,"vectorString":403,"impactScore":4,"exploitabilityScore":397},8.2,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",[405,416],{"ecosystem":9,"name":406,"vendor":407,"product":406,"cpe_part":408,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":409},"benoitc/gunicorn","benoitc","a",[410],{"version":411,"is_range":412,"range_type":77,"version_start":413,"version_start_type":414,"version_end":415,"version_end_type":414,"fixed_in":9},">= unspecified, \u003C= latest",true,"unspecified","including","latest",{"ecosystem":417,"name":418,"vendor":417,"product":418,"cpe_part":9,"purl_type":419,"purl_namespace":9,"purl_name":418,"source":9,"versions":420},"PyPI","gunicorn","pypi",[421],{"version":422,"is_range":412,"range_type":423,"version_start":9,"version_start_type":9,"version_end":424,"version_end_type":425,"fixed_in":9},"lt22_0_0","ecosystem","22.0.0","excluding"]