exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

bind:"GHSA-33vf-4xgg-9r58" OR bind:"CVE-2020-5249"

exploitDog

bind:"GHSA-33vf-4xgg-9r58" OR bind:"CVE-2020-5249"

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 10

Количество 10

GHSA-33vf-4xgg-9r58

почти 6 лет назад

HTTP Response Splitting (Early Hints) in Puma

CVSS3: 6.5

EPSS: Низкий

CVE-2020-5249

почти 6 лет назад

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

CVSS3: 6.5

EPSS: Низкий

CVE-2020-5249

почти 6 лет назад

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

CVSS3: 5.3

EPSS: Низкий

CVE-2020-5249

почти 6 лет назад

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

CVSS3: 6.5

EPSS: Низкий

CVE-2020-5249

почти 6 лет назад

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...

CVSS3: 6.5

EPSS: Низкий

openSUSE-SU-2020:2000-1

около 5 лет назад

Security update for rmt-server

EPSS: Низкий

openSUSE-SU-2020:1993-1

около 5 лет назад

Security update for rmt-server

EPSS: Низкий

SUSE-SU-2020:3160-1

больше 5 лет назад

Security update for rmt-server

EPSS: Низкий

SUSE-SU-2020:3147-1

больше 5 лет назад

Security update for rmt-server

EPSS: Низкий

SUSE-SU-2020:3036-1

больше 5 лет назад

Security update for rmt-server

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	GHSA-33vf-4xgg-9r58 HTTP Response Splitting (Early Hints) in Puma	CVSS3: 6.5	0% Низкий	почти 6 лет назад
	CVE-2020-5249 In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.	CVSS3: 6.5	0% Низкий	почти 6 лет назад
	CVE-2020-5249 In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.	CVSS3: 5.3	0% Низкий	почти 6 лет назад
	CVE-2020-5249 In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.	CVSS3: 6.5	0% Низкий	почти 6 лет назад
	CVE-2020-5249 In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...	CVSS3: 6.5	0% Низкий	почти 6 лет назад
	openSUSE-SU-2020:2000-1 Security update for rmt-server			около 5 лет назад
	openSUSE-SU-2020:1993-1 Security update for rmt-server			около 5 лет назад
	SUSE-SU-2020:3160-1 Security update for rmt-server			больше 5 лет назад
	SUSE-SU-2020:3147-1 Security update for rmt-server			больше 5 лет назад
	SUSE-SU-2020:3036-1 Security update for rmt-server			больше 5 лет назад

Уязвимостей на страницу