Launchpad CVE tracker

CVE 2020-11076

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

Related bugs and status

CVE-2020-11076 (Candidate) is related to these bugs:

Bug #2006461: [MIR] Promote puma to main as a pcs dependency

Summary				In	Importance	Status
	2006461	[MIR] Promote puma to main as a pcs dependency		puma (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://github.com/pum...
MISC: https://github.com/pum...
MISC: https://github.com/pum...
SUSE: openSUSE-SU-2020:0990
SUSE: openSUSE-SU-2020:1001
FEDORA: FEDORA-2020-fe354f24e8
MLIST: [debian-lts-announce] ...

Launchpad.net

CVE 2020-11076

Related bugs and status

Related bugs

References