In Puma (RubyGem) prior to 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puma puma |
||
fedoraproject fedora 33 |
||
debian debian linux 9.0 |