CVE-2020-11077

{"id": "CVE-2020-11077", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.2}]}, "published": "2020-05-22T15:15:11.507", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/", "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-444"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-444"}]}], "descriptions": [{"lang": "en", "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."}, {"lang": "es", "value": "En Puma (RubyGem) versiones anteriores a 4.3.5 y 3.12.6, un cliente podr\u00eda hacer pasar sin autorizaci\u00f3n una petici\u00f3n por medio de un proxy, causando que el proxy env\u00ede una respuesta a otro cliente desconocido. Si el proxy usa conexiones persistentes y el cliente agrega otra petici\u00f3n por medio de la canalizaci\u00f3n HTTP, el proxy puede confundirlo como el cuerpo de la primera petici\u00f3n. Sin embargo, Puma lo ver\u00eda como dos peticiones y, al procesar la segunda petici\u00f3n, devolver\u00eda una respuesta que el proxy no espera. Si el proxy ha reutilizado la conexi\u00f3n persistente a Puma para enviar otra petici\u00f3n para un cliente diferente, la segunda respuesta desde el primer cliente ser\u00e1 enviada al segundo cliente. Esta es una vulnerabilidad similar pero diferente de CVE-2020-11076. El problema se ha corregido en Puma versi\u00f3n 3.12.6 y Puma versi\u00f3n 4.3.5."}], "lastModified": "2023-11-07T03:14:29.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "94D6645C-59B2-466F-A147-B23EF284DEBA", "versionEndExcluding": "3.12.6", "versionStartIncluding": "3.0.0"}, {"criteria": "cpe:2.3:a:puma:puma:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "916E4164-0951-4145-85D6-684EF781F13A", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}, {"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}