
Jamadden

#30157 of 53,622
8.7 Total CVSS
Vulnerabilities · 1
PT-2018-3488
8.7
2018-04-18
Gunicorn · Unicorn · CVE-2018-1000164
Name of the Vulnerable Software and Affected Versions: gunicorn versions prior to 19.5.0

Description: The issue is an improper neutralization of CRLF sequences in HTTP headers, which can be exploited to return arbitrary HTTP headers in a response. This can potentially lead to cross-site scripting (XSS) attacks. The vulnerability is located in the `process_headers` function in `gunicorn/http/wsgi.py`.

Recommendations: For gunicorn versions prior to 19.5.0, update to version 19.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `process_headers` function in `gunicorn/http/wsgi.py` to minimize the risk of exploitation.