CVE-2020-11076

2020-05-22 17:15:00 2020-10-07 15:15:00

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Puma Puma * * * * (not an official CPE) Puma Puma * * * * (not an official CPE)

Puma - Puma

Advisory	Patch	Confirmed	Link
			https://lists.debian.org/debian-lts-announce/2020/10/msg...
			https://github.com/puma/puma/security/advisories/GHSA-x7...
			https://github.com/puma/puma/commit/f24d5521295a2152c286...
			https://github.com/puma/puma/blob/master/History.md#4344...
			http://lists.opensuse.org/opensuse-security-announce/202...
			http://lists.opensuse.org/opensuse-security-announce/202...
			https://lists.fedoraproject.org/archives/list/package-an...