Количество 12
Количество 12
CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
CVE-2020-5247
CVE-2020-5247
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...
GHSA-84j7-475p-hp8v
HTTP Response Splitting in Puma
BDU:2020-04073
Уязвимость HTTP-сервера для Ruby/Rack приложений Puma, связанная с некорректной нейтрализацией символов CR, LF, /r и /n перед внесением данных в HTTP-заголовки, позволяющая нарушителю осуществлять межсайтовые сценарные атаки
openSUSE-SU-2020:2000-1
Security update for rmt-server
openSUSE-SU-2020:1993-1
Security update for rmt-server
SUSE-SU-2020:3160-1
Security update for rmt-server
SUSE-SU-2020:3147-1
Security update for rmt-server
SUSE-SU-2020:3036-1
Security update for rmt-server
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. | CVSS3: 6.5 | 2% Низкий | почти 6 лет назад |
 | CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. | CVSS3: 5.3 | 2% Низкий | почти 6 лет назад |
 | CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters. | CVSS3: 6.5 | 2% Низкий | почти 6 лет назад |
 | CVSS3: 7.5 | 2% Низкий | больше 5 лет назад | |
| CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ... | CVSS3: 6.5 | 2% Низкий | почти 6 лет назад |
| GHSA-84j7-475p-hp8v HTTP Response Splitting in Puma | CVSS3: 6.5 | 2% Низкий | почти 6 лет назад |
 | BDU:2020-04073 Уязвимость HTTP-сервера для Ruby/Rack приложений Puma, связанная с некорректной нейтрализацией символов CR, LF, /r и /n перед внесением данных в HTTP-заголовки, позволяющая нарушителю осуществлять межсайтовые сценарные атаки | CVSS3: 6.5 | 2% Низкий | почти 6 лет назад |
 | openSUSE-SU-2020:2000-1 Security update for rmt-server | около 5 лет назад | ||
| openSUSE-SU-2020:1993-1 Security update for rmt-server | около 5 лет назад | ||
| SUSE-SU-2020:3160-1 Security update for rmt-server | больше 5 лет назад | ||
| SUSE-SU-2020:3147-1 Security update for rmt-server | больше 5 лет назад | ||
| SUSE-SU-2020:3036-1 Security update for rmt-server | больше 5 лет назад |
Уязвимостей на страницу