Puma is vulnerable to HTTP response splitting. The vulnerability exists because Puma does not properly handle CRLF (carriage return and line feed) characters injected into the early hints response header, allowing an attacker to inject CRLF to end the HTTP response header and insert malicious content, such as additional headers or an entirely new response body. This vulnerability exists due to an incomplete fix of CVE-2020-5247.
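
The following added example (constructed for this page, not Puma's own code) contrasts an Early Hints writer that copies header values to the wire verbatim with one that rejects control characters in names and values. The function names, the error class and the sample header are assumptions, and the name check goes slightly beyond the CRLF case described above.

```ruby
# Added illustration; not Puma's code. All names here are hypothetical.
CRLF = "\r\n"

class InvalidHeaderError < ArgumentError; end

# Field names: HTTP token characters only (no spaces, colons or controls).
HEADER_NAME = /\A[A-Za-z0-9!\#$%&'*+.^_`|~-]+\z/
# Field values: reject every control character except horizontal tab.
ILLEGAL_VALUE = /[\x00-\x08\x0A-\x1F\x7F]/

# Unsafe: values reach the socket unchanged, so an embedded CRLF
# terminates the current header line and starts a new one.
def early_hints_unsafe(headers)
  out = +"HTTP/1.1 103 Early Hints#{CRLF}"
  headers.each { |name, value| out << "#{name}: #{value}#{CRLF}" }
  out << CRLF
end

# Hardened: refuse to emit the response if any name or value could
# change the framing of the header block.
def early_hints_safe(headers)
  out = +"HTTP/1.1 103 Early Hints#{CRLF}"
  headers.each do |name, value|
    name = name.to_s
    value = value.to_s
    raise InvalidHeaderError, "illegal header name #{name.inspect}" unless HEADER_NAME.match?(name)
    raise InvalidHeaderError, "illegal value for #{name}" if ILLEGAL_VALUE.match?(value)
    out << "#{name}: #{value}#{CRLF}"
  end
  out << CRLF
end

# Header lines a downstream parser would see (status line excluded).
def header_lines(response)
  response.split(CRLF + CRLF, 2).first.split(CRLF).drop(1)
end

# Constructed sample: one logical header whose value carries a CRLF.
CONSTRUCTED_HINTS = { "Link" => "</app.css>; rel=preload\r\nX-Constructed-Extra: 1" }.freeze

if __FILE__ == $PROGRAM_NAME
  puts header_lines(early_hints_unsafe(CONSTRUCTED_HINTS)).inspect
  begin
    early_hints_safe(CONSTRUCTED_HINTS)
  rescue InvalidHeaderError => e
    puts "rejected: #{e.message}"
  end
end
```
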
Name | Operator | Version
---|---|---
puma | le | 4.3.2
puma | le | 3.12.3
puma:buster | eq | 3.12.0-2+deb10u1
github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
github.com/puma/puma/pull/2136
github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
lists.fedoraproject.org/archives/list/[email protected]/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/
lists.fedoraproject.org/archives/list/[email protected]/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/
lists.fedoraproject.org/archives/list/[email protected]/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/
owasp.org/www-community/attacks/HTTP_Response_Splitting
www.sourceclear.com/vulnerability-database/vulnerabilities/22623