Sending a request with both Content-Length and Transfer-Encoding: chunked in a specific order could cause the older wsgiserver to treat the message differently than a reverse proxy.
Header Injection and Parsing Errors: WSGIServer 0.2 may fail to correctly sanitize incoming HTTP headers. In CPython 3.10.4, changes to how certain characters are interpreted in the underlying C-API can allow an attacker to inject additional headers. This can lead to HTTP Response Splitting or Session Fixation attacks. wsgiserver 02 cpython 3104 exploit