USN-4022-1: Gunicorn vulnerability
19 June 2019
Gunicorn could allow cross-site scripting (XSS) attacks.
Releases
Packages
- gunicorn - Python HTTP/WSGI server
Details
It was discovered that gunicorn improperly handled certain input. An attacker
could potentially use this issue execute a cross-site scripting (XSS) attack.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
gunicorn
-
19.4.5-1ubuntu1.1
-
gunicorn3
-
19.4.5-1ubuntu1.1
-
python-gunicorn
-
19.4.5-1ubuntu1.1
-
python3-gunicorn
-
19.4.5-1ubuntu1.1
In general, a standard system update will make all the necessary changes.