Lucene search
+L

542 matches found

osv
osv
added 2020/03/02 4:15 p.m.1 views

DEBIAN-CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS6.5AI score0.01571EPSS
Exploits0References1
osv
osv
added 2020/03/02 4:15 p.m.29 views

CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS7.2AI score
Exploits0References7
ubuntucve
ubuntucve
added 2020/03/02 4:15 p.m.30 views

CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS6.7AI score0.01571EPSS
Exploits0References5
prion
prion
added 2020/03/02 4:15 p.m.36 views

Cross site scripting

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

4CVSS6.5AI score0.02549EPSS
Exploits0References7Affected Software1
osv
osv
added 2020/03/02 4:15 p.m.10 views

UBUNTU-CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS6.9AI score0.01571EPSS
Exploits0References6
cvelist
cvelist
added 2020/03/02 3:20 p.m.43 views

CVE-2020-5249 HTTP Response Splitting (Early Hints) in Puma

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS6.6AI score0.01571EPSS
Exploits0References7
cve
cve
added 2020/03/02 3:20 p.m.179 views

CVE-2020-5249

CVE-2020-5249 affects Puma RubyGem: untrusted input in an Early Hints header can allow HTTP Response Splitting via a carriage return that ends the header and injects content. Impact: attacking craftable headers or response bodies in vulnerable Puma versions. Affected: Puma before 4.3.3 and 3.12.4...

6.5CVSS6.6AI score0.01571EPSS
Exploits0References7Affected Software1
debiancve
debiancve
added 2020/03/02 3:20 p.m.71 views

CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

6.5CVSS7AI score0.01571EPSS
Exploits0
veracode
veracode
added 2020/03/02 1:51 a.m.34 views

CRLF Injection

puma is vulnerable to CRLF injection. The values in the HTTP response headers not sanitized and validated, allowing an attacker perform HTTP response splitting by adding carriage feed or line return characters to inject arbitrary content in the HTTP response from the server. This vulnerability is...

7.5CVSS3AI score0.04569EPSS
Exploits0References12Affected Software1
nvd
nvd
added 2020/02/28 5:15 p.m.29 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.4AI score0.02549EPSS
Exploits0References7
osv
osv
added 2020/02/28 5:15 p.m.2 views

DEBIAN-CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.2AI score0.02549EPSS
Exploits0References1
osv
osv
added 2020/02/28 5:15 p.m.31 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS7.3AI score0.04569EPSS
Exploits0References7
ubuntucve
ubuntucve
added 2020/02/28 5:15 p.m.42 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.6AI score0.02549EPSS
Exploits0References6
osv
osv
added 2020/02/28 5:15 p.m.4 views

UBUNTU-CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.6AI score0.04569EPSS
Exploits0References7
prion
prion
added 2020/02/28 5:15 p.m.34 views

Cross site scripting

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

5CVSS6.1AI score0.04569EPSS
Exploits0References7Affected Software4
cvelist
cvelist
added 2020/02/28 4:55 p.m.48 views

CVE-2020-5247 HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

6.5CVSS6.7AI score0.02549EPSS
Exploits0References7
debiancve
debiancve
added 2020/02/28 4:55 p.m.65 views

CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.8AI score0.02549EPSS
Exploits0
cve
cve
added 2020/02/28 4:55 p.m.307 views

CVE-2020-5247

CVE-2020-5247 is a HTTP Response Splitting vulnerability affecting Puma (RubyGem) in versions prior to 4.3.2 and 3.12.3 when untrusted input reaches response headers. An attacker could inject CR/LF sequences to terminate a header and inject new headers or a response body. The issue is mitigated b...

7.5CVSS6.7AI score0.02549EPSS
Exploits0References7Affected Software2
github
github
added 2020/02/28 4:53 p.m.86 views

HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.5AI score0.02549EPSS
Exploits0References11Affected Software1
osv
osv
added 2020/02/28 4:53 p.m.53 views

GHSA-84J7-475P-HP8V HTTP Response Splitting in Puma

In Puma RubyGem before 4.3.2 and 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

6.5CVSS6.6AI score0.04569EPSS
Exploits0References11
Rows per page
Query Builder