Name of the Vulnerable Software and Affected Versions:

Eventlet versions prior to 0.40.3

Description:

The Eventlet WSGI parser is susceptible to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This issue could allow attackers to bypass front-end security controls, launch targeted attacks against active site users, and poison web caches.

Recommendations:

Update to Eventlet version 0.40.3 or later.

As a workaround, avoid using Eventlet WSGI when facing untrusted clients.