QwikSec

Security Database

CVE

CWE

Training

CVE-2020-5249

Published: Mar 2, 2020

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.1

6.5

MEDIUM

Description

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

Vendor	Product	Versions
puma	Puma	affected `< 3.12.4` affected `>= 4.0.0, < 4.3.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

References

https://owasp.org/www-community/attacks/HTTP_Response_Splitting

x_refsource_MISC

https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58

x_refsource_CONFIRM

https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v

x_refsource_MISC

https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3

x_refsource_MISC

FEDORA-2020-a3f26a9387

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-fd87f90634

vendor-advisory

x_refsource_FEDORA

FEDORA-2020-08092b4c97

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.