CVE-2020-5247 — HTTP Request/Response Splitting in Puma
Severity
7.5HIGHNVD
CNA5.3GHSA6.5GHSA5.3OSV5.3
EPSS
2.1%
top 15.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 28
Latest updateMar 23
Description
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages5 packages
Also affects: Debian Linux 9.0, Fedora 30, 31, 32
🔴Vulnerability Details
5📋Vendor Advisories
4Red Hat▶
rubygem-puma: attacker is able to use newline characters to insert malicious content (HTTP Response Splitting), this could lead to XSS↗2020-03-02
Red Hat▶
rubygem-puma: attacker is able to use carriage return character to insert malicious content (HTTP Response Splitting), this could lead to XSS↗2020-03-02
Debian▶
CVE-2020-5247: puma - In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma a...↗2020
💬Community
2Bugzilla▶
CVE-2020-5247 rubygem-puma: attacker is able to use newline characters to insert malicious content (HTTP Response Splitting), this could lead to XSS↗2020-03-23
Bugzilla▶
CVE-2020-5247 rubygem-puma: attacker is able to use newline characters to insert malicious content (HTTP Response Splitting), this could lead to XSS [fedora-all]↗2020-03-23