GHSA-pfqj-w6r6-g86v

Published: 27 Mar 2025
Source: github
GitHub: Reviewed
CVSS3: 4.3

Description

Pitchfork HTTP Request/Response Splitting vulnerability

Impact

HTTP Response Header Injection in Pitchfork Versions < 0.11.0 when used in conjunction with Rack 3

Patches

The issue was fixed in Pitchfork release 0.11.0

Workarounds

There are no known workarounds. Users must upgrade.

Packages

Name: pitchfork (rubygems)
Affected versions: < 0.11.0
Fixed version: 0.11.0

EPSS: 0.00278 (percentile: 51%, Low)

CVSS3: 4.3 Medium

Weaknesses

CWE-113

Related vulnerabilities

CVSS3: 4.3
nvd
11 months ago

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.
