CVE-2020-5249.yml
---
gem: puma
cve: 2020-5249
ghsa: 33vf-4xgg-9r58
url: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
date: 2020-03-03
title: HTTP Response Splitting (Early Hints) in Puma
description: |
  ### Impact

  If an application using Puma allows untrusted input in an early-hints header,
  an attacker can use a carriage return character to end the header and inject
  malicious content, such as additional headers or an entirely new response body.
  This vulnerability is known as [HTTP Response
  Splitting](https://owasp.org/www-community/attacks/HTTP_Response_Splitting).

  While not an attack in itself, response splitting is a vector for several other
  attacks, such as cross-site scripting (XSS).

  This is related to [CVE-2020-5247](https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v),
  which fixed this vulnerability but only for regular responses.

  ### Patches

  This has been fixed in 4.3.3 and 3.12.4.

  ### Workarounds

  As a workaround, users can disallow untrusted/user input in the Early Hints response header.
cvss_v3: 6.5
patched_versions:
  - "~> 3.12.4"
  - ">= 4.3.3"
related:
  cve:
    - 2020-5247