ghsa-68xg-gqqm-vgj8
Vulnerability from github
Published
2023-08-18 21:50
Modified
2023-08-24 22:34
Severity ?
Summary
Puma HTTP Request/Response Smuggling vulnerability
Details
Impact
Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.
The following vulnerabilities are addressed by this advisory:
- Incorrect parsing of trailing fields in chunked transfer encoding bodies
- Parsing of blank/zero-length Content-Length headers
Patches
The vulnerability has been fixed in 6.3.1 and 5.6.7.
Workarounds
No known workarounds.
References
For more information
If you have any questions or comments about this advisory:
Open an issue in Puma See our security policy
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.6.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "RubyGems",
"name": "puma"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-40175"
],
"database_specific": {
"cwe_ids": [
"CWE-444"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-18T21:50:05Z",
"nvd_published_at": "2023-08-18T22:15:11Z",
"severity": "CRITICAL"
},
"details": "### Impact\nPrior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.\n\nThe following vulnerabilities are addressed by this advisory:\n\n* Incorrect parsing of trailing fields in chunked transfer encoding bodies\n* Parsing of blank/zero-length Content-Length headers\n\n### Patches\nThe vulnerability has been fixed in 6.3.1 and 5.6.7.\n\n### Workarounds\nNo known workarounds.\n\n### References\n[HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)\n\n### For more information\nIf you have any questions or comments about this advisory:\n\nOpen an issue in [Puma](https://github.com/puma/puma)\nSee our [security policy](https://github.com/puma/puma/security/policy)\n",
"id": "GHSA-68xg-gqqm-vgj8",
"modified": "2023-08-24T22:34:11Z",
"published": "2023-08-18T21:50:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40175"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1"
},
{
"type": "PACKAGE",
"url": "https://github.com/puma/puma"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/releases/tag/v5.6.7"
},
{
"type": "WEB",
"url": "https://github.com/puma/puma/releases/tag/v6.3.1"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Puma HTTP Request/Response Smuggling vulnerability"
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.