High Severity

gunicorn

HTTP Request Smuggling via Improper Transfer-Encoding Validation

Gunicorn version 21.2.0 is vulnerable to HTTP Request Smuggling due to improper validation of the 'Transfer-Encoding' header. This issue was identified and reported, but the fixed version is not specified.

Available publicly on Jul 25 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

sayoojbkumar

Threat Overview

The vulnerability arises because Gunicorn does not properly validate the 'Transfer-Encoding' header as specified in RFC standards. When the 'Transfer-Encoding' header is not strictly 'chunked', Gunicorn falls back to using the 'Content-Length' header. This discrepancy can be exploited to perform HTTP Request Smuggling attacks, leading to various security issues such as cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.

Attack Scenario

An attacker can craft a malicious HTTP request with both 'Content-Length' and 'Transfer-Encoding' headers. By specifying an invalid 'Transfer-Encoding' value, the attacker can trick the proxy into using 'Transfer-Encoding' while Gunicorn falls back to 'Content-Length'. This allows the attacker to smuggle a hidden request to a protected endpoint, such as '/admin', bypassing security controls.
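The mitigation for the discrepancy described above is to refuse ambiguous framing instead of falling back to 'Content-Length'. The following Python check is an added example (not gunicorn's own code) implementing that rule from RFC 7230 / RFC 9112: a request carrying both headers, or a 'Transfer-Encoding' whose final coding is not exactly 'chunked', is rejected with a 400 rather than framed by 'Content-Length'. The request samples in the test are constructed.

```python
# Added example: strict Transfer-Encoding / Content-Length framing check.
# Not gunicorn's code; a stand-alone illustration of the RFC rule.
from typing import List, Tuple


class FramingError(ValueError):
    """Raised when message framing is ambiguous; the server should answer 400."""


def parse_headers(raw: bytes) -> List[Tuple[str, str]]:
    """Parse a raw request head into (lowercased-name, value) pairs. No body handling."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if not sep:
            raise FramingError("malformed header line")
        headers.append((name.decode("latin-1").strip().lower(),
                        value.decode("latin-1").strip()))
    return headers


def framing_mode(headers: List[Tuple[str, str]]) -> str:
    """Return 'chunked', 'content-length' or 'none'; raise FramingError when ambiguous."""
    te_values = [v for n, v in headers if n == "transfer-encoding"]
    cl_values = [v for n, v in headers if n == "content-length"]
    if te_values:
        if cl_values:
            # Both present: a proxy and this server could disagree on where the body ends.
            raise FramingError("Transfer-Encoding and Content-Length both present")
        codings = [c.strip().lower() for v in te_values for c in v.split(",") if c.strip()]
        if not codings or codings[-1] != "chunked" or codings.count("chunked") > 1:
            # Unusable Transfer-Encoding: reject; never fall back to Content-Length.
            raise FramingError("unsupported Transfer-Encoding: %r" % te_values)
        return "chunked"
    if cl_values:
        if len(set(cl_values)) != 1 or not cl_values[0].isdigit():
            raise FramingError("invalid or conflicting Content-Length")
        return "content-length"
    return "none"


def check_request(raw: bytes) -> str:
    """Convenience wrapper: the framing mode, or '400 <reason>' when the request is rejected."""
    try:
        return framing_mode(parse_headers(raw))
    except FramingError as exc:
        return "400 " + str(exc)
```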

Who is affected

Users and administrators running Gunicorn version 21.2.0 are affected by this vulnerability. This includes web applications and services that rely on Gunicorn for handling HTTP requests.

Technical Report