Lucene search
+L

5 matches found

redhat
redhat
added 2026/04/09 12:37 p.m.4 views

ruby: HTTP response splitting in WEBrick

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a header, and inject malicious content to deceive clients...

5.3CVSS6.6AI score0.04569EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/02 4:56 p.m.6 views

CVE-2026-34240

JOSE is a Javascript Object Signing and Encryption JOSE library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header jwk. The vulnerability exists because key selection could tre...

7.5CVSS5.8AI score0.0013EPSS
Exploits0References1
redhat
redhat
added 2020/06/10 7:23 p.m.4 views

cryptacular: excessive memory allocation during a decode operation

CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attackers to trigger excessive memory allocation during a decode operation, because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data...

7.5CVSS7.4AI score0.03334EPSS
Exploits1References4
osv
osv
added 2020/02/28 5:15 p.m.2 views

DEBIAN-CVE-2020-5247

In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...

7.5CVSS6.2AI score0.02549EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2016/10/03 12:0 a.m.10 views

PT-2020-3715 · Ruby +2 · Puma +2

Name of the Vulnerable Software and Affected Versions: Puma versions prior to 4.3.2 Puma versions prior to 3.12.3 Description: The issue is related to HTTP Response Splitting, where an attacker can use newline characters CR, LF, or /r, /n to end a header and inject malicious content, such as...

9.8CVSS6.5AI score0.99856EPSS
Exploits71References280
Rows per page
Query Builder