7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.2%
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request
through a proxy, causing the proxy to send a response back to another
unknown client. If the proxy uses persistent connections and the client
adds another request in via HTTP pipelining, the proxy may mistake it as
the first request’s body. Puma, however, would see it as two requests, and
when processing the second request, send back a response that the proxy
does not expect. If the proxy has reused the persistent connection to Puma
to send another request for a different client, the second response from
the first client will be sent to the second client. This is a similar but
different vulnerability from CVE-2020-11076. The problem has been fixed in
Puma 3.12.6 and Puma 4.3.5.
github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
launchpad.net/bugs/cve/CVE-2020-11077
nvd.nist.gov/vuln/detail/CVE-2020-11077
security-tracker.debian.org/tracker/CVE-2020-11077
ubuntu.com/security/notices/USN-6682-1
www.cve.org/CVERecord?id=CVE-2020-11077
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
74.2%