diff --git a/httpd-2.4.37-CVE-2023-27522.patch b/httpd-2.4.37-CVE-2023-27522.patch
new file mode 100644
index 0000000000000000000000000000000000000000..68caa96b9c7476c76bd7d5aedb44e4383539f900
--- /dev/null
+++ b/httpd-2.4.37-CVE-2023-27522.patch
@@ -0,0 +1,98 @@
+diff -aruN httpd-2.4.37/modules/proxy/mod_proxy_uwsgi.c httpd-2.4.37-new/modules/proxy/mod_proxy_uwsgi.c
+--- httpd-2.4.37/modules/proxy/mod_proxy_uwsgi.c 2023-03-23 17:17:42.778867787 +0800
++++ httpd-2.4.37-new/modules/proxy/mod_proxy_uwsgi.c 2023-03-24 00:25:57.265336276 +0800
+@@ -304,18 +304,18 @@
+ pass_bb = apr_brigade_create(r->pool, c->bucket_alloc);
+ 
+ len = ap_getline(buffer, sizeof(buffer), rp, 1);
+-
+ if (len <= 0) {
+- /* oops */
+- return HTTP_INTERNAL_SERVER_ERROR;
++ /* invalid or empty */
++ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ 
+ backend->worker->s->read += len;
+ 
+- if (len >= sizeof(buffer) - 1) {
++ if ((apr_size_t)len >= sizeof(buffer)) {
+ /* oops */
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
++
+ /* Position of http status code */
+ if (apr_date_checkmask(buffer, "HTTP/#.# ###*")) {
+ status_start = 9;
+@@ -324,8 +324,8 @@
+ status_start = 7;
+ }
+ else {
+- /* oops */
+- return HTTP_INTERNAL_SERVER_ERROR;
++ /* not HTTP */
++ return HTTP_BAD_GATEWAY;
+ }
+ status_end = status_start + 3;
+ 
+@@ -345,21 +345,46 @@
+ }
+ r->status_line = apr_pstrdup(r->pool, &buffer[status_start]);
+ 
+- /* start parsing headers */
++ /* parse headers */
+ while ((len = ap_getline(buffer, sizeof(buffer), rp, 1)) > 0) {
++ if ((apr_size_t)len >= sizeof(buffer)) {
++ /* too long */
++ len = -1;
++ break;
++ }
++
+ value = strchr(buffer, ':');
+- /* invalid header skip */
+- if (!value)
+- continue;
+- *value = '\0';
+- ++value;
++ if (!value) {
++ /* invalid header */
++ len = -1;
++ break;
++ }
++ *value++ = '\0';
++ if (*ap_scan_http_token(buffer)) {
++ /* invalid name */
++ len = -1;
++ break;
++ }
+ while (apr_isspace(*value))
+ ++value;
+ for (end = &value[strlen(value) - 1];
+ end > value && apr_isspace(*end); --end)
+ *end = '\0';
++ if (*ap_scan_http_field_content(value)) {
++ /* invalid value */
++ len = -1;
++ break;
++ }
++
+ apr_table_add(r->headers_out, buffer, value);
+ }
++ if (len < 0) {
++ /* Reset headers, but not to NULL
because things below the chain expect
++ * this to be non NULL e.g. the ap_content_length_filter.
++ */
++ r->headers_out = apr_table_make(r->pool, 1);
++ return HTTP_BAD_GATEWAY;
++ }
+ 
+ if ((buf = apr_table_get(r->headers_out, "Content-Type"))) {
+ ap_set_content_type(r, apr_pstrdup(r->pool, buf));
+diff -aruN httpd-2.4.37/proxy_uwsgi_response_validation.txt httpd-2.4.37-new/proxy_uwsgi_response_validation.txt
+--- httpd-2.4.37/proxy_uwsgi_response_validation.txt 1970-01-01 08:00:00.000000000 +0800
++++ httpd-2.4.37-new/proxy_uwsgi_response_validation.txt 2023-03-24 00:06:18.077406561 +0800
+@@ -0,0 +1,4 @@
++ *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
++ [Yann Ylavic]
++ *) mod_proxy_uwsgi: Stricter backend HTTP response parsing/validation.
++ [Yann Ylavic]
diff --git a/httpd.spec b/httpd.spec
index 10065602fdd2d17b1338cc81052c8cfeebd374bb..6f96ef219ba5090827ff0451ea02a9e2016a5965 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 %define contentdir %{_datadir}/httpd
 %define docroot /var/www
 %define suexec_caller apache
@@ -248,6 +248,8 @@ Patch237: httpd-2.4.37-CVE-2022-36760.patch
 # https://bugzilla.redhat.com/show_bug.cgi?id=2176209
 Patch238: httpd-2.4.37-CVE-2023-25690.patch
+Patch239:httpd-2.4.37-CVE-2023-27522.patch
+
 
 # Add by Anolis
 Patch1000: 1000-httpd-anolis-rebrand.patch
 Patch1001: 1001-httpd-anolis-support-loongarch64.patch
@@ -471,6 +473,7 @@ interface for storing and accessing per-user session data.
 %patch236 -p1 -b .CVE-2006-20001
 %patch237 -p1 -b .CVE-2022-36760
 %patch238 -p1 -b .CVE-2023-25690
+%patch239 -p1 -b .CVE-2023-27522
 
 # Add by Anolis
 %patch1000 -p1
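Review bot: The header-name check in the third hunk still accepts an empty field name: for a backend line such as `: x`, `*value++ = '\0'` leaves `buffer` as "", and by its contract `ap_scan_http_token` returns a pointer to the first non-token character or the terminating NUL, so `*ap_scan_http_token(buffer)` is 0 and an entry with an empty key is added to `r->headers_out`, which will presumably be written to the client as `: x`. Guard it together with the token scan: `if (value == buffer || *ap_scan_http_token(buffer)) {`. The first hunk is also inconsistent about status codes: an over-long status line still returns `HTTP_INTERNAL_SERVER_ERROR` while the same hunk's "not HTTP" branch and every header failure now return `HTTP_BAD_GATEWAY`, and the `/* invalid or empty */` comment was rewritten without its 500 changing either; 502 is the accurate status for a malformed upstream response, at least in the over-long case, `return HTTP_BAD_GATEWAY;`. The enclosing function begins and ends outside the hunk, and the changelog-style text file the same hunk adds lists the identical entry twice, so drop the duplicate.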
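Review bot: `Patch239:httpd-2.4.37-CVE-2023-27522.patch` omits the space after the tag that every neighbouring Patch line uses, and unlike Patch238 it carries no reference comment; write it as `Patch239: httpd-2.4.37-CVE-2023-27522.patch` and precede it with a comment line pointing at the CVE-2023-27522 advisory or upstream change, in the same form as the `# https://bugzilla.redhat.com/...` line above Patch238. rpm's tag parser is believed to tolerate the missing space, so this is consistency and readability rather than a build break.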
@@ -981,6 +984,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Fri Apr 28 2023 guochuang -2.4.37-51.0.2.5
+- add patch for CVE-2023-27522
+
 * Fri Apr 07 2023 zhangbinchen - 2.4.37-51.0.1.5
 - Rebrand for Anolis OS(Binchen Zhang)
 - Requires system-logos-httpd(Binchen Zhang)