19 matches found
EUVD-2020-0325
Malware in sbrugna...
Debian DLA-3023-1 : puma - LTS security update
The remote Debian 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3023 advisory. Several security vulnerabilities have been discovered in puma, a web server for Ruby/Rack applications. These flaws may lead to information leakage due to not alwa...
CVE-2020-5247 affecting package ruby 2.6.3-3
CVE-2020-5247 affecting package ruby 2.6.3-3. An upgraded version of the package is available that resolves this issue...
SUSE: Security Advisory (SUSE-SU-2020:3147-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2020:2060-1 Security update for rubygem-puma
This update for rubygem-puma fixes the following issues: - Add patches for disabling TLSv1.0 and TLSv1.1 jscSLE-6965: - Add CVE-2020-11077.patch bsc1172175, CVE-2020-11077 - Add CVE-2020-11076.patch bsc1172176, CVE-2020-11076 - Add CVE-2020-5247.patch bsc1165402 'Fixes a problem where we were not...
Fedora: Security Advisory for rubygem-puma (FEDORA-2020-fd87f90634)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 31 : rubygem-puma (2020-fd87f90634)
Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
Fedora 30 : rubygem-puma (2020-08092b4c97)
Security fix for CVE-2020-5247, CVE-2020-5249 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C...
GHSA-33VF-4XGG-9R58 HTTP Response Splitting (Early Hints) in Puma
Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...
HTTP Response Splitting (Early Hints) in Puma
Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...
HTTP Response Splitting
puma is vulnerable to HTTP response splitting. The attack exist because it does not properly handle the CRLF carriage feed or line return characters injection in early hints response header, allowing an attacker to inject CRLF to end the the HTTP response header and manipulate with malicious...
HTTP Response Splitting (Early Hints) in Puma
Impact If an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting...
Cross site scripting
In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...
CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
CVE-2020-5247
In Puma RubyGem before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters i.e. CR, LF or/r, /n to end the header and inject malicious content, such as additional headers or an entirely new response body. This...
CVE-2020-5247
CVE-2020-5247 is a HTTP Response Splitting vulnerability affecting Puma (RubyGem) in versions prior to 4.3.2 and 3.12.3 when untrusted input reaches response headers. An attacker could inject CR/LF sequences to terminate a header and inject new headers or a response body. The issue is mitigated b...
Photon OS 3.0: Ruby PHSA-2020-3.0-0047
An update of the ruby package has been released. C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2020-3.0-0047. The text itself is copyright C VMware, Inc. include'compat.inc'; if description scriptid133068;...