VYPR
High severityNVD Advisory· Published May 22, 2020· Updated Aug 4, 2024

HTTP Smuggling via Transfer-Encoding Header in Puma

CVE-2020-11076

Description

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pumaRubyGems
< 3.12.53.12.5
pumaRubyGems
>= 4.0.0, < 4.3.44.3.4

Affected products

225

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.