CVE-2020-11076

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Configurations

Configuration 1

cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*
cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*

Information

Published : 2020-05-22 03:15

Updated : 2020-10-07 01:15


NVD link : CVE-2020-11076

Mitre link : CVE-2020-11076

Products Affected
No products.
CWE
CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')