Sha256: eb903746aba23fbcff6bbcb133a7558816d91d40c886522dd67be48ec9c47237

Size: 1.12 KB

Versions: 1

Stored size: 1.12 KB

Contents

---
gem: puma
cve: 2020-5249
ghsa: 33vf-4xgg-9r58
url: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
date: 2020-03-03
title: HTTP Response Splitting (Early Hints) in Puma
description: |-
  ### Impact
  If an application using Puma allows untrusted input in an early-hints header,
  an attacker can use a carriage return character to end the header and inject
  malicious content, such as additional headers or an entirely new response body.
  This vulnerability is known as [HTTP Response
  Splitting](https://owasp.org/www-community/attacks/HTTP_Response_Splitting).

  While not an attack in itself, response splitting is a vector for several other
  attacks, such as cross-site scripting (XSS).

  This is related to [CVE-2020-5247](https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v),
  which fixed this vulnerability but only for regular responses.

  ### Patches
  This has been fixed in 4.3.3 and 3.12.4.

  ### Workarounds
  Users should not allow untrusted/user input in the Early Hints response header.

cvss_v3: 6.5

patched_versions:
  - "~> 3.12.4"
  - ">= 4.3.3"

related:
  cve:
    - 2020-5247

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/puma/CVE-2020-5249.yml