Sha256: a55c8c2e247cf7c2febd42247fa1627fafc59a9040c2a3c047442e19f824ce06

Contents?: true

Size: 738 Bytes

Versions: 1

Stored size: 738 Bytes

Contents

---
gem: puma
cve: 2020-5247
ghsa: 84j7-475p-hp8v
url: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
date: 2020-02-27
title: HTTP Response Splitting vulnerability in puma
description: |-
  If an application using Puma allows untrusted input in a response header,
  an attacker can use newline characters (i.e. CR, LF) to end the header and
  inject malicious content, such as additional headers or an entirely new
  response body. This vulnerability is known as HTTP Response Splitting.

  While not an attack in itself, response splitting is a vector for several
  other attacks, such as cross-site scripting (XSS).

cvss_v3: 6.5

patched_versions:
  - "~> 3.12.4"
  - ">= 4.3.3"

related:
  cve:
    - 2019-16254

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/puma/CVE-2020-5247.yml