-
-
Notifications
You must be signed in to change notification settings - Fork 221
/
Copy pathCVE-2023-40175.yml
39 lines (30 loc) · 1.26 KB
/
CVE-2023-40175.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
---
gem: puma
cve: 2023-40175
ghsa: 68xg-gqqm-vgj8
url: https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
title: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma
date: 2023-08-18
description: |
### Impact
Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.
The following vulnerabilities are addressed by this advisory:
- Incorrect parsing of trailing fields in chunked transfer encoding bodies
- Parsing of blank/zero-length Content-Length headers`\r\n`
### Patches
The vulnerability has been fixed in 6.3.1 and 5.6.7.
### Workarounds
No known workarounds.
### References
[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)
cvss_v3: 6.5
patched_versions:
- '~> 5.6.7'
- '>= 6.3.1'
related:
url:
- https://github.com/puma/puma/releases/tag/v5.6.7
- https://github.com/puma/puma/releases/tag/v6.3.1
- https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a
- https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1
- https://github.com/advisories/GHSA-68xg-gqqm-vgj8