Wsgiserver 02 Cpython 3104 Exploit [ 2027 ]

Many old WSGI servers trusted user-supplied PATH_INFO without normalization. An exploit might use ..%2f sequences to access files outside the document root if the application serves static files through the WSGI stack.

Mitigation:
Percent-decode PATH_INFO once with urllib.parse.unquote, normalize the decoded value with os.path.abspath, and check that the final path is within the intended directory before opening the file.
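The containment check described above, written out as an added example (not code from the original page); the document root /var/www/static and the sample PATH_INFO values are assumed for illustration:

```python
"""Added example: map a raw WSGI PATH_INFO onto a file inside a document root.

The document root below is an assumed location; nothing here is from the
original page.  The function decodes once, normalizes, and refuses any path
that resolves outside the root.
"""
import os
from urllib.parse import unquote

# Assumed document root for the example.
DOC_ROOT = os.path.abspath("/var/www/static")


def resolve_static_path(path_info: str, doc_root: str = DOC_ROOT):
    """Return the absolute file path for path_info, or None to refuse it.

    Decoding happens exactly once: a legacy server may hand over "..%2f"
    untouched, so we decode here, but we never decode a second time because
    double-decoding would turn "%252e%252e" back into "..".
    """
    decoded = unquote(path_info)

    # Reject NUL bytes (truncate C-level path handling) and backslashes
    # (treated as separators on some platforms) rather than trying to map them.
    if "\x00" in decoded or "\\" in decoded:
        return None

    # Strip leading slashes so os.path.join cannot be reset to the filesystem
    # root, then let abspath collapse "." and ".." segments.  A traversal such
    # as "../../etc/passwd" therefore resolves to /var/etc/passwd here, which
    # the containment check below rejects.
    candidate = os.path.abspath(os.path.join(doc_root, decoded.lstrip("/")))

    # Containment: the candidate must be the root itself or begin with the
    # root plus a separator, so "/var/www/static2" is not accepted as a child
    # of "/var/www/static".
    if candidate != doc_root and not candidate.startswith(doc_root + os.sep):
        return None
    return candidate
```

Serve only paths this function returns; os.path.realpath can replace os.path.abspath when symlinks under the root must also be resolved before the check.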

WSGI servers must correctly parse Content-Length and Transfer-Encoding headers. An exploit might craft conflicting headers, causing the WSGI server and a frontend proxy (like Nginx) to desynchronize. This could allow an attacker to "smuggle" a second request past security checks.

Example (hypothetical):
Sending a request with both Content-Length and Transfer-Encoding: chunked in a specific order could cause the older wsgiserver to treat the message differently than a reverse proxy.

Mitigation:
Use a well-maintained WSGI server (e.g., Waitress v2.1+, Gunicorn v20.1+). Avoid custom or legacy versions of wsgiserver.

If a WSGI server fails to sanitize newline characters in headers provided by the application, an attacker may inject additional HTTP headers or perform response splitting.

Mitigation:
Python's wsgiref validates headers, but custom servers may not. Use wsgi.file_wrapper carefully and reject any header value that contains a raw \r\n.

Python 3.10.4 is an older release. While the vulnerability was formally identified and patched in later versions (mid-2024), the underlying code flaw existed in the 3.10 branch. If you are running 3.10.4, your environment is likely vulnerable unless you have backported the security patch manually.