Candidate: CVE-2020-5249
PublicDate: 2020-03-02 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5249
 https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
 https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
 https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
 https://owasp.org/www-community/attacks/HTTP_Response_Splitting
Description:
 In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma
 allows untrusted input in an early-hints header, an attacker can use a
 carriage return character to end the header and inject malicious content,
 such as additional headers or an entirely new response body. This
 vulnerability is known as HTTP Response Splitting. While not an attack in
 itself, response splitting is a vector for several other attacks, such as
 cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed
 this vulnerability but only for regular responses. This has been fixed in
 4.3.3 and 3.12.4.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_puma:
upstream_puma: needs-triage
precise/esm_puma: DNE
trusty_puma: ignored (out of standard support)
trusty/esm_puma: DNE
xenial_puma: DNE
bionic_puma: DNE
eoan_puma: ignored (reached end-of-life)
focal_puma: not-affected (3.12.4-1ubuntu2)
devel_puma: not-affected (3.12.4-1ubuntu2)