GoogleOSV:GHSA-X7JG-6PWG-FX5HHTTP Smuggling via Transfer-Encoding Header in Puma
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%
Impact
By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response.
Originally reported by @ZeddYu, who has our thanks for the detailed report.
Patches
The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
For more information
If you have any questions or comments about this advisory:
- Open an issue in Puma
- See our security policy
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
github.com/puma/puma
github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml
lists.debian.org/debian-lts-announce/2020/10/msg00009.html
lists.fedoraproject.org/archives/list/[email protected]/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR
nvd.nist.gov/vuln/detail/CVE-2020-11076
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.005 Low
EPSS
Percentile
75.8%