Mitigating the HTTPoxy Vulnerability with Nginx

&gt; The vulnerability was mentioned on the NGINX mailing list in July, 2013, by Jonathan Matthews.<p>Wow, that is long ago. Why isn&#x27;t this mitigated earlier? The attack is very simple.

There are mentions of Python... Does this affect WSGI applications, in particular, uWSGI?<p>AFAIK, uWSGI somewhat resembles but doesn&#x27;t emulate CGI (unlike how FastCGI works), and WSGI application&#x27;s `environ` parameter isn&#x27;t related to `os.environ`, so it should be safe. But I may be mistaken here...

NGINX should have really applied for a CVE instead of pretending that they are immune.