uvicorn
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting uvicorn
- CVE-2020-7694 | LOW | CVSS 3.7 | EG 3.7 | ✓ Fixed in 0.11.7 | 2020-07-27
vulnerable: 0.0.1 ... 0.11.6 (117 versions)
This affects all versions of package uvicorn. The request logger provided by the package is vulnerable to ANSI escape sequence injection. Whenever any HTTP request is received, the default behaviour of uvicorn is to log its details to eith…
- CVE-2020-7695 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 0.11.7 | 2020-07-27
vulnerable: 0.0.1 ... 0.11.6 (117 versions)
Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF sequences are not escaped in the value of HTTP headers. Attackers can exploit this to add arbitrary headers to HTTP responses, or even return an arbitrary response body, …