CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.01 Low
Percentile: 83.3%

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma
allows untrusted input in an early-hints header, an attacker can use a
carriage return character to end the header and inject malicious content,
such as additional headers or an entirely new response body. This
vulnerability is known as HTTP Response Splitting. While not an attack in
itself, response splitting is a vector for several other attacks, such as
cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed
this vulnerability but only for regular responses. This has been fixed in
4.3.3 and 3.12.4.
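
The failure mode described above and the check that closes it, as an added Ruby example (not Puma's source code, and not taken from the linked commit). The function names, the `X-Hint` and `X-Injected` headers and the sample values are constructed for illustration.

```ruby
# Added illustration; not Puma's source. All names here are hypothetical.
CRLF = "\r\n".freeze
HEADER_BREAK = /[\r\n]/.freeze

# Behaviour the advisory describes: header values are written verbatim,
# so a CR/LF inside a value ends the header line early.
def early_hints_unchecked(headers)
  out = +"HTTP/1.1 103 Early Hints#{CRLF}"
  headers.each { |name, value| out << "#{name}: #{value}#{CRLF}" }
  out << CRLF
end

# Hardened form: a header whose name or value contains CR or LF is never
# written. Returns [serialized_block, rejected_header_names] so the caller
# can log what was dropped.
def early_hints_checked(headers)
  rejected = []
  out = +"HTTP/1.1 103 Early Hints#{CRLF}"
  headers.each do |name, value|
    if HEADER_BREAK.match?(name.to_s) || HEADER_BREAK.match?(value.to_s)
      rejected << name.to_s
      next
    end
    out << "#{name}: #{value}#{CRLF}"
  end
  [out << CRLF, rejected]
end

# Header field names a receiver would parse out of the first header block.
def parsed_header_names(block)
  head = block.split(CRLF + CRLF, 2).first
  head.split(CRLF).drop(1).map { |line| line.split(":", 2).first }
end

# Constructed sample: the second value stands in for untrusted input
# that carries a CR LF sequence.
SAMPLE = {
  "Link"   => "</style.css>; rel=preload; as=style",
  "X-Hint" => "a\r\nX-Injected: 1"
}.freeze

if __FILE__ == $PROGRAM_NAME
  p parsed_header_names(early_hints_unchecked(SAMPLE))
  block, rejected = early_hints_checked(SAMPLE)
  p parsed_header_names(block), rejected
end
```

The unchecked serializer yields three header fields from two inputs; the checked one yields only `Link` and reports `X-Hint` as rejected, which is a useful signal to log.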
github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
launchpad.net/bugs/cve/CVE-2020-5249
nvd.nist.gov/vuln/detail/CVE-2020-5249
owasp.org/www-community/attacks/HTTP_Response_Splitting
security-tracker.debian.org/tracker/CVE-2020-5249
www.cve.org/CVERecord?id=CVE-2020-5249