Lucene search
PRIOn knowledge basePRION:CVE-2020-11076HistoryMay 22, 2020 - 3:15 p.m.
Code injection
2020-05-2215:15:00
PRIOn knowledge base
www.prio-n.com
7
0.005 Low
EPSS
Percentile
77.4%
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
github.com/puma/puma/blob/master/History.md
github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
lists.debian.org/debian-lts-announce/2020/10/msg00009.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
Related
veracode
veracode
HTTP Request Smuggling
2020-05-26 05:32:59
redhatcve
redhatcve
CVE-2020-11076
2020-06-01 13:51:44
CVE-2020-11077
2020-06-01 13:51:44
debiancve
debiancve
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
cvelist
cvelist
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:50:12
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:13
osv
osv
CVE-2020-11076
2020-05-22 15:15:11
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:05
puma - security update
2020-10-07 00:00:00
github
github
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:05
nvd
nvd
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
ubuntucve
ubuntucve
cve
cve
CVE-2020-11076
2020-05-22 15:15:11
CVE-2020-11077
2020-05-22 15:15:11
nessus
nessus
openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)
2020-07-20 00:00:00
Debian DLA-2398-1 : puma security update
2020-10-08 00:00:00
openSUSE Security Update : rubygem-puma (openSUSE-2020-990)
2020-07-20 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33
2020-09-25 17:18:05
openvas
openvas
Debian: Security Advisory (DLA-2398-1)
2020-10-08 00:00:00
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)
2020-07-19 00:00:00
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:0990-1)
2020-07-19 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-05-22 15:15:00
suse
suse
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rmt-server (important)
2020-11-23 00:00:00
debian
debian
[SECURITY] [DLA 2398-1] puma security update
2020-10-07 11:06:30
ubuntu
ubuntu
Puma vulnerabilities
2024-03-07 00:00:00