9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.2%
Puma is a Ruby/Rack web server built for parallelism. Prior to versions
6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked
transfer encoding bodies and zero-length Content-Length headers in a way
that allowed HTTP request smuggling. Severity of this issue is highly
dependent on the nature of the web site using puma is. This could be caused
by either incorrect parsing of trailing fields in chunked transfer encoding
bodies or by parsing of blank/zero-length Content-Length headers. Both
issues have been addressed and this vulnerability has been fixed in
versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known
workarounds for this vulnerability.
github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
launchpad.net/bugs/cve/CVE-2023-40175
nvd.nist.gov/vuln/detail/CVE-2023-40175
security-tracker.debian.org/tracker/CVE-2023-40175
ubuntu.com/security/notices/USN-6399-1
ubuntu.com/security/notices/USN-6682-1
www.cve.org/CVERecord?id=CVE-2023-40175