Описание
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
A flaw was found in rubygem-puma. An attacker could smuggle an HTTP response, by using an invalid transfer-encoding header.
Отчет
Red Hat Gluster Storage 3 Web Administration component uses affected RubyGem Puma, which does not have the http body chunk verification.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rubygem-puma | Will not fix | ||
| Red Hat Storage 3 | rubygem-puma | Affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...
HTTP Smuggling via Transfer-Encoding Header in Puma
Уязвимость HTTP-сервера для Ruby/Rack приложений Puma, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю оказать влияние на целостность информации
EPSS
7.5 High
CVSS3