ELA-1095-1 uwsgi security update

HTTP Response splitting

2024-05-19
Package uwsgi
Version 2.0.14+20161117-3+deb9u7 (stretch)
Related CVEs CVE-2024-24795


uWSGI, a Web Server Gateway Interface that mainly interfaces between a web server and a Python application, allowed an attacker who can inject malicious response headers into backend applications to cause an HTTP desynchronization attack.



For Debian 9 stretch, these problems have been fixed in version 2.0.14+20161117-3+deb9u7.

We recommend that you upgrade your uwsgi packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.