HTTP Response Splitting in Puma
Description
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. CR, LF, or \r, \n) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Puma HTTP response splitting vulnerability allows injection of arbitrary headers/body via newline characters in untrusted response header values.
Vulnerability
CVE-2020-5247 is an HTTP response splitting vulnerability in the Puma Ruby web server, affecting versions before 4.3.2 and before 3.12.3. The root cause is that Puma did not validate response header values for newline characters (CR, LF, or \r, \n). If an application using Puma includes untrusted input in a response header, an attacker can terminate the header early and inject arbitrary content, such as additional headers or an entirely new response body. This is akin to the vulnerability addressed in CVE-2019-16254 for the WEBrick Ruby web server [1][2].
Exploitation
Exploitation requires the target application to reflect untrusted user input into an HTTP response header without sanitization. The attacker sends a request with malicious newline characters embedded in a parameter that will be echoed back in a header. The underlying HTTP parser in Puma would then process those characters as line breaks, allowing the attacker to control the remainder of the HTTP response [2][3]. No authentication is needed; the attack is purely through crafting malicious HTTP requests [2].
Impact
A successful response splitting attack can be used to conduct cross-site scripting (XSS), web cache poisoning, or cross-user defacement. By injecting a complete fake response body, an attacker can serve malicious scripts to the victim's browser under the origin of the vulnerable application [2][3]. This can lead to session theft, credential harvesting, or other client-side attacks.
Mitigation
The vulnerability has been fixed in Puma versions 4.3.2 and 3.12.3. The fix adds a check for carriage return and line feed characters (CRLF_REGEX = /[\r\n]/) and rejects any headers containing those characters [4]. Users should upgrade to the patched versions immediately. If upgrading is not possible, ensure that any untrusted input is thoroughly sanitized before being placed into response headers, and consider using a WAF to block requests containing CR or LF characters in header values.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
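The header check described under Mitigation, shown beside the unchecked path, as an added Ruby example that is not Puma's own code. The helpers `serialize_response`, `seen_header_names` and `compare` are hypothetical, the lenient client-side line splitting is an assumption, and the header values are the ones used in the fix commit's tests plus one constructed clean value.

```ruby
# Added example, not Puma's implementation. All helper names are hypothetical.

CRLF_REGEX = /[\r\n]/.freeze # same pattern the fix adds to Puma::Const

# Header values from the fix commit's tests, plus one constructed clean value.
SAMPLES = {
  "crlf"  => "malicious\r\nCookie: hack",
  "cr"    => "malicious\rCookie: hack",
  "lf"    => "malicious\nCookie: hack",
  "clean" => "benign-value"
}.freeze

# Writes a Rack-style [status, headers, body] triple in wire format.
# reject_crlf: false sends header values verbatim (the behaviour the advisory
# describes for unpatched versions); true drops any header whose value
# contains CR or LF before anything is written.
def serialize_response(status, headers, body, reject_crlf:)
  headers = headers.reject { |_k, v| CRLF_REGEX =~ v.to_s } if reject_crlf
  wire = +"HTTP/1.1 #{status} OK\r\n"
  headers.each { |k, v| wire << "#{k}: #{v}\r\n" }
  wire << "\r\n" << body.join
end

# Header names as a lenient client or cache would read them (assumption):
# everything before the first blank line, split on CRLF, bare CR or bare LF.
def seen_header_names(wire)
  head = wire.split("\r\n\r\n", 2).first
  head.split(/\r\n|\r|\n/).drop(1).map { |line| line.split(":", 2).first }
end

# Serializes the same response with and without the check and reports which
# header names reach the client in each case.
def compare(value)
  headers = {
    "Content-Type"   => "text/plain",
    "Content-Length" => 5, # non-String value: the check uses v.to_s
    "X-header"       => value
  }
  {
    unchecked: seen_header_names(serialize_response(200, headers, ["Hello"], reject_crlf: false)),
    checked:   seen_header_names(serialize_response(200, headers, ["Hello"], reject_crlf: true))
  }
end

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each { |label, value| puts "#{label}: #{compare(value)}" }
end
```

Note that the check drops the whole offending header rather than stripping the newline, so an application that relied on that header will see it disappear from the response after upgrading.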
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| puma (RubyGems) | < 3.12.4 | 3.12.4 |
| puma (RubyGems) | >= 4.0.0, < 4.3.3 | 4.3.3 |
Affected products
- puma/Puma [v5] Range: < 3.12.3
Patches
c36491756f68 Merge pull request from GHSA-84j7-475p-hp8v
8 files changed · +55 −1
benchmarks/wrk/hello.sh+1 −1 modified@@ -3,6 +3,6 @@ bundle exec bin/puma -t 4 test/rackup/hello.ru & PID1=$! sleep 5 -wrk -c 4 --latency http://localhost:9292 +wrk -c 4 -d 30 --latency http://localhost:9292 kill $PID1
benchmarks/wrk/many_long_headers.sh+6 −0 added@@ -0,0 +1,6 @@ +bundle exec bin/puma -t 4 test/rackup/many_long_headers.ru & +PID1=$! +sleep 5 +wrk -c 4 -d 30 --latency http://localhost:9292 + +kill $PID1
benchmarks/wrk/realistic_response.sh+6 −0 added@@ -0,0 +1,6 @@ +bundle exec bin/puma -t 4 test/rackup/realistic_response.ru & +PID1=$! +sleep 5 +wrk -c 4 -d 30 --latency http://localhost:9292 + +kill $PID1
lib/puma/const.rb+1 −0 modified@@ -228,6 +228,7 @@ module Const COLON = ": ".freeze NEWLINE = "\n".freeze + CRLF_REGEX = /[\r\n]/.freeze HIJACK_P = "rack.hijack?".freeze HIJACK = "rack.hijack".freeze
lib/puma/server.rb+2 −0 modified@@ -686,6 +686,8 @@ def handle_request(req, lines) status, headers, res_body = @app.call(env) return :async if req.hijacked + # Checking to see if an attacker is trying to inject headers into the response + headers.reject! { |_k, v| CRLF_REGEX =~ v.to_s } status = status.to_i
test/rackup/many_long_headers.ru+9 −0 added@@ -0,0 +1,9 @@ +require 'securerandom' + +long_header_hash = {} + +30.times do |i| + long_header_hash["X-My-Header-#{i}"] = SecureRandom.hex(1000) +end + +run lambda { |env| [200, long_header_hash, ["Hello World"]] }
test/rackup/realistic_response.ru+11 −0 added@@ -0,0 +1,11 @@ +require 'securerandom' + +long_header_hash = {} + +25.times do |i| + long_header_hash["X-My-Header-#{i}"] = SecureRandom.hex(25) +end + +response = SecureRandom.hex(100_000) # A 100kb document + +run lambda { |env| [200, long_header_hash.dup, [response.dup]] }
test/test_puma_server.rb+19 −0 modified@@ -771,4 +771,23 @@ def test_open_connection_wait_no_queue @server = Puma::Server.new @app, @events, queue_requests: false test_open_connection_wait end + + # https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16 + def test_prevent_response_splitting_headers + server_run app: ->(_) { [200, {'X-header' => "malicious\r\nCookie: hack"}, ["Hello"]] } + data = send_http_and_read "HEAD / HTTP/1.0\r\n\r\n" + refute_match 'hack', data + end + + def test_prevent_response_splitting_headers_cr + server_run app: ->(_) { [200, {'X-header' => "malicious\rCookie: hack"}, ["Hello"]] } + data = send_http_and_read "HEAD / HTTP/1.0\r\n\r\n" + refute_match 'hack', data + end + + def test_prevent_response_splitting_headers_lf + server_run app: ->(_) { [200, {'X-header' => "malicious\nCookie: hack"}, ["Hello"]] } + data = send_http_and_read "HEAD / HTTP/1.0\r\n\r\n" + refute_match 'hack', data + end end
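Review bot: in lib/puma/server.rb the `reject!` block tests only the value (`v.to_s`) and ignores the header name (`_k`), so a CR or LF in a header name passes through unchecked. Consider testing the name as well. The header is also removed silently; a log line or event when a header is rejected would let operators see that an application is emitting values with line endings.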
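Review bot: in test/test_puma_server.rb the three new tests assert only `refute_match 'hack', data`, which would also pass if the server returned an error or an empty response. Add an assertion on the status line, and one showing that a benign header sent alongside `X-header` still reaches the client, so the tests pin down that only the offending header is dropped. A case with the newline in the header name rather than the value is also missing.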
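Review bot: the benchmark scripts under benchmarks/wrk start Puma in the background and rely on a fixed `sleep 5` before running `wrk`, with `kill $PID1` only reached if the script runs to the end. A readiness check against http://localhost:9292 and a `trap` that kills `$PID1` on exit would avoid measuring a server that has not started and leaving a stray process behind when `wrk` fails.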
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-84j7-475p-hp8v (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2020-5247 (ghsa, ADVISORY)
- github.com/puma/puma/commit/c36491756f68a9d6a8b3a49e7e5eb07fe6f1332f (ghsa, WEB)
- github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v (ghsa, x_refsource_CONFIRM, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-5247.yml (ghsa, WEB)
- lists.debian.org/debian-lts-announce/2022/05/msg00034.html (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD (ghsa, WEB)
- owasp.org/www-community/attacks/HTTP_Response_Splitting (ghsa, x_refsource_MISC, WEB)
- www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254 (ghsa, x_refsource_MISC, WEB)