Описание
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 5.6.5-3ubuntu1 |
| eoan | ignored | end of life |
| esm-apps/focal | released | 3.12.4-1ubuntu2+esm1 |
| esm-apps/jammy | not-affected | 5.5.2-2ubuntu2 |
| esm-infra-legacy/trusty | DNE | |
| focal | ignored | end of standard support, was needed |
| groovy | ignored | end of life |
| hirsute | ignored | end of life |
| impish | ignored | end of life |
Показывать по
Ссылки на источники
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...
HTTP Smuggling via Transfer-Encoding Header in Puma
Уязвимость HTTP-сервера для Ruby/Rack приложений Puma, связанная с недостатками обработки HTTP-запросов, позволяющая нарушителю оказать влияние на целостность информации
5 Medium
CVSS2
7.5 High
CVSS3