csaf_opensuse - opensuse-su-2020:1993-1

opensuse-su-2020:1993-1

Vulnerability from csaf_opensuse

Published

2020-11-21 11:23

Modified

2020-11-21 11:23

Summary

Security update for rmt-server

Notes

Title of the patch

Security update for rmt-server

Description of the patch

This update for rmt-server fixes the following issues: Update to version 2.6.5: - Solved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one. - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf. - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name. - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps. - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail. - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits: * `rmt-cli mirror repositories` now works for custom repositories. * Custom repository IDs can be the same across RMT instances. * No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output. Deprecation Warnings: * RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility. - Updated rails and puma dependencies for security fixes. This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames

openSUSE-2020-1993

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for rmt-server",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for rmt-server fixes the following issues:\n\nUpdate to version 2.6.5:\n- Solved potential bug of SCC repository URLs changing over time. RMT\n  now self heals by removing the previous invalid repository and\n  creating the correct one.\n- Add web server settings to /etc/rmt.conf:\n  Now it\u0027s possible to configure the minimum and maximum threads count as well\n  the number of web server workers to be booted through /etc/rmt.conf.\n- Instead of using an MD5 of URLs for custom repository friendly_ids,\n  RMT now builds an ID from the name.\n- Fix RMT file caching based on timestamps:\n  Previously, RMT sent GET requests with the header \u0027If-Modified-Since\u0027 to a\n  repository server and if the response had a 304 (Not Modified), it would copy\n  a file from the local cache instead of downloading. However, if the local file\n  timestamp accidentally changed to a date newer than the one on the repository\n  server, RMT would have an outdated file, which caused some errors.\n  Now, RMT makes HEAD requests to the repositories servers and inspect the\n  \u0027Last-Modified\u0027 header to decide whether to download a file or copy it from\n  cache, by comparing the equalness of timestamps.\n- Fixed an issue where relative paths supplied to `rmt-cli import repos`\n  caused the command to fail.\n- Friendlier IDs for custom repositories:\n  In an effort to simplify the handling of SCC and custom repositories,\n  RMT now has friendly IDs. For SCC repositories, it\u0027s the same SCC ID\n  as before. For custom repositories, it can either be user provided\n  or RMT generated (MD5 of the provided URL).\n  Benefits:\n  * `rmt-cli mirror repositories` now works for custom repositories.\n  * Custom repository IDs can be the same across RMT instances.\n  * No more confusing \u0027SCC ID\u0027 vs \u0027ID\u0027 in `rmt-cli` output.\n  Deprecation Warnings:\n  * RMT now uses a different ID for custom repositories than before.\n    RMT still supports that old ID, but it\u0027s recommended to start\n    using the new ID to ensure future compatibility.\n- Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-1993",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1993-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:1993-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2W26GJJ7QXIADWB6ZCQWC2BUZD2ALYVT/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:1993-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2W26GJJ7QXIADWB6ZCQWC2BUZD2ALYVT/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1165548",
        "url": "https://bugzilla.suse.com/1165548"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168554",
        "url": "https://bugzilla.suse.com/1168554"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172177",
        "url": "https://bugzilla.suse.com/1172177"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172182",
        "url": "https://bugzilla.suse.com/1172182"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172184",
        "url": "https://bugzilla.suse.com/1172184"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1172186",
        "url": "https://bugzilla.suse.com/1172186"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1173351",
        "url": "https://bugzilla.suse.com/1173351"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-16770 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-16770/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-5418 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-5418/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-5419 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-5419/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-5420 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-5420/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11076 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11076/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11077 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11077/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-15169 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-15169/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-5247 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-5247/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-5249 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-5249/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-5267 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-5267/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8164 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8164/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8165 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8165/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8166 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8166/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8167 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8167/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8184 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8184/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-8185 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-8185/"
      }
    ],
    "title": "Security update for rmt-server",
    "tracking": {
      "current_release_date": "2020-11-21T11:23:05Z",
      "generator": {
        "date": "2020-11-21T11:23:05Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:1993-1",
      "initial_release_date": "2020-11-21T11:23:05Z",
      "revision_history": [
        {
          "date": "2020-11-21T11:23:05Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rmt-server-2.6.5-lp152.2.3.1.x86_64",
                "product": {
                  "name": "rmt-server-2.6.5-lp152.2.3.1.x86_64",
                  "product_id": "rmt-server-2.6.5-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
                "product": {
                  "name": "rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
                  "product_id": "rmt-server-config-2.6.5-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64",
                "product": {
                  "name": "rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64",
                  "product_id": "rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rmt-server-2.6.5-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64"
        },
        "product_reference": "rmt-server-2.6.5-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rmt-server-config-2.6.5-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64"
        },
        "product_reference": "rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        },
        "product_reference": "rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-16770",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-16770"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-16770",
          "url": "https://www.suse.com/security/cve/CVE-2019-16770"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1158675 for CVE-2019-16770",
          "url": "https://bugzilla.suse.com/1158675"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1188527 for CVE-2019-16770",
          "url": "https://bugzilla.suse.com/1188527"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-16770"
    },
    {
      "cve": "CVE-2019-5418",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-5418"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a File Content Disclosure vulnerability in Action View \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system\u0027s filesystem to be exposed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-5418",
          "url": "https://www.suse.com/security/cve/CVE-2019-5418"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129272 for CVE-2019-5418",
          "url": "https://bugzilla.suse.com/1129272"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-5418"
    },
    {
      "cve": "CVE-2019-5419",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-5419"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "There is a possible denial of service vulnerability in Action View (Rails) \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-5419",
          "url": "https://www.suse.com/security/cve/CVE-2019-5419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129271 for CVE-2019-5419",
          "url": "https://bugzilla.suse.com/1129271"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203810 for CVE-2019-5419",
          "url": "https://bugzilla.suse.com/1203810"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "low"
        }
      ],
      "title": "CVE-2019-5419"
    },
    {
      "cve": "CVE-2019-5420",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-5420"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A remote code execution vulnerability in development mode Rails \u003c5.2.2.1, \u003c6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-5420",
          "url": "https://www.suse.com/security/cve/CVE-2019-5420"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129268 for CVE-2019-5420",
          "url": "https://bugzilla.suse.com/1129268"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1203810 for CVE-2019-5420",
          "url": "https://bugzilla.suse.com/1203810"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-5420"
    },
    {
      "cve": "CVE-2020-11076",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11076"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11076",
          "url": "https://www.suse.com/security/cve/CVE-2020-11076"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172175 for CVE-2020-11076",
          "url": "https://bugzilla.suse.com/1172175"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172176 for CVE-2020-11076",
          "url": "https://bugzilla.suse.com/1172176"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11076"
    },
    {
      "cve": "CVE-2020-11077",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11077"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11077",
          "url": "https://www.suse.com/security/cve/CVE-2020-11077"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172175 for CVE-2020-11077",
          "url": "https://bugzilla.suse.com/1172175"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172176 for CVE-2020-11077",
          "url": "https://bugzilla.suse.com/1172176"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11077"
    },
    {
      "cve": "CVE-2020-15169",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-15169"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View\u0027s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-15169",
          "url": "https://www.suse.com/security/cve/CVE-2020-15169"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1176421 for CVE-2020-15169",
          "url": "https://bugzilla.suse.com/1176421"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-15169"
    },
    {
      "cve": "CVE-2020-5247",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-5247"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-5247",
          "url": "https://www.suse.com/security/cve/CVE-2020-5247"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165402 for CVE-2020-5247",
          "url": "https://bugzilla.suse.com/1165402"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165524 for CVE-2020-5247",
          "url": "https://bugzilla.suse.com/1165524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-5247"
    },
    {
      "cve": "CVE-2020-5249",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-5249"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-5249",
          "url": "https://www.suse.com/security/cve/CVE-2020-5249"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1165524 for CVE-2020-5249",
          "url": "https://bugzilla.suse.com/1165524"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-5249"
    },
    {
      "cve": "CVE-2020-5267",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-5267"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView\u0027s JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-5267",
          "url": "https://www.suse.com/security/cve/CVE-2020-5267"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1167240 for CVE-2020-5267",
          "url": "https://bugzilla.suse.com/1167240"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-5267"
    },
    {
      "cve": "CVE-2020-8164",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8164"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8164",
          "url": "https://www.suse.com/security/cve/CVE-2020-8164"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172177 for CVE-2020-8164",
          "url": "https://bugzilla.suse.com/1172177"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-8164"
    },
    {
      "cve": "CVE-2020-8165",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8165"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8165",
          "url": "https://www.suse.com/security/cve/CVE-2020-8165"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172186 for CVE-2020-8165",
          "url": "https://bugzilla.suse.com/1172186"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2020-8165"
    },
    {
      "cve": "CVE-2020-8166",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8166"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8166",
          "url": "https://www.suse.com/security/cve/CVE-2020-8166"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172182 for CVE-2020-8166",
          "url": "https://bugzilla.suse.com/1172182"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8166"
    },
    {
      "cve": "CVE-2020-8167",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8167"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8167",
          "url": "https://www.suse.com/security/cve/CVE-2020-8167"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1172184 for CVE-2020-8167",
          "url": "https://bugzilla.suse.com/1172184"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8167"
    },
    {
      "cve": "CVE-2020-8184",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8184"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8184",
          "url": "https://www.suse.com/security/cve/CVE-2020-8184"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173351 for CVE-2020-8184",
          "url": "https://bugzilla.suse.com/1173351"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1177352 for CVE-2020-8184",
          "url": "https://bugzilla.suse.com/1177352"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1193081 for CVE-2020-8184",
          "url": "https://bugzilla.suse.com/1193081"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8184"
    },
    {
      "cve": "CVE-2020-8185",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-8185"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A denial of service vulnerability exists in Rails \u003c6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-8185",
          "url": "https://www.suse.com/security/cve/CVE-2020-8185"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1173564 for CVE-2020-8185",
          "url": "https://bugzilla.suse.com/1173564"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:rmt-server-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-config-2.6.5-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:rmt-server-pubcloud-2.6.5-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-11-21T11:23:05Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-8185"
    }
  ]
}

CVE-2020-8164 (GCVE-0-2020-8164)

Vulnerability from cvelistv5

Published

2020-06-19 17:04

Modified

2024-08-04 09:48

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data ()

Summary

A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.

References

►

URL

Tags

	https://hackerone.com/reports/292797	x_refsource_MISC
	https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4766	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Version: 5.2.4.3, 6.0.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.653Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/292797"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
          },
          {
            "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
          },
          {
            "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          },
          {
            "name": "openSUSE-SU-2020:1533",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
          },
          {
            "name": "openSUSE-SU-2020:1536",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
          },
          {
            "name": "openSUSE-SU-2020:1575",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.4.3, 6.0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "Deserialization of Untrusted Data (CWE-502)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-29T14:06:08",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/292797"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
        },
        {
          "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
        },
        {
          "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        },
        {
          "name": "openSUSE-SU-2020:1533",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
        },
        {
          "name": "openSUSE-SU-2020:1536",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
        },
        {
          "name": "openSUSE-SU-2020:1575",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.4.3, 6.0.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization of untrusted data vulnerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data (CWE-502)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/292797",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/292797"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/f6ioe4sdpbY"
            },
            {
              "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
            },
            {
              "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            },
            {
              "name": "openSUSE-SU-2020:1533",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00089.html"
            },
            {
              "name": "openSUSE-SU-2020:1536",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00093.html"
            },
            {
              "name": "openSUSE-SU-2020:1575",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00107.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8164",
    "datePublished": "2020-06-19T17:04:13",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:48:25.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8184 (GCVE-0-2020-8184)

Vulnerability from cvelistv5

Published

2020-06-19 00:00

Modified

2024-08-04 09:56

Severity ?

CWE

CWE-784 - Reliance on Cookies without Validation and Integrity Checking in a Security Decision ()

Summary

A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.

References

►

URL

Tags

	https://hackerone.com/reports/895727
	https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak
	https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html	mailing-list
	https://usn.ubuntu.com/4561-1/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/rack/rack	Version: rack >= 2.2.3, rack >= 2.1.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:26.918Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/895727"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"
          },
          {
            "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2275-1] ruby-rack security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"
          },
          {
            "name": "USN-4561-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4561-1/"
          },
          {
            "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3298-1] ruby-rack security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rack/rack",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "rack \u003e= 2.2.3, rack \u003e= 2.1.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A reliance on cookies without validation/integrity check security vulnerability exists in rack \u003c 2.2.3, rack \u003c 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-784",
              "description": "Reliance on Cookies without Validation and Integrity Checking in a Security Decision (CWE-784)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-31T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/895727"
        },
        {
          "url": "https://groups.google.com/g/rubyonrails-security/c/OWtmozPH9Ak"
        },
        {
          "name": "[debian-lts-announce] 20200710 [SECURITY] [DLA 2275-1] ruby-rack security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00006.html"
        },
        {
          "name": "USN-4561-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/4561-1/"
        },
        {
          "name": "[debian-lts-announce] 20230130 [SECURITY] [DLA 3298-1] ruby-rack security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00038.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8184",
    "datePublished": "2020-06-19T00:00:00",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:26.918Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5420 (GCVE-0-2019-5420)

Vulnerability from cvelistv5

Published

2019-03-27 13:48

Modified

2024-08-04 19:54

Severity ?

CWE

CWE-77 - Command Injection - Generic ()

Summary

A remote code execution vulnerability in development mode Rails <5.2.2.1, <6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit.

References

►

URL

Tags

	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw	x_refsource_CONFIRM
	http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html	x_refsource_MISC
	https://www.exploit-db.com/exploits/46785/	exploit, x_refsource_EXPLOIT-DB
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	Rails	https://github.com/rails/rails	Version: 5.2.2.1 Version: 6.0.0.beta3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html"
          },
          {
            "name": "46785",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46785/"
          },
          {
            "name": "FEDORA-2019-1cfe24db5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "Rails",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.2.1"
            },
            {
              "status": "affected",
              "version": "6.0.0.beta3"
            }
          ]
        }
      ],
      "datePublic": "2019-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability in development mode Rails \u003c5.2.2.1, \u003c6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-77",
              "description": "Command Injection - Generic (CWE-77)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-10T02:06:01",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/IsQKvDqZdKw"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html"
        },
        {
          "name": "46785",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46785/"
        },
        {
          "name": "FEDORA-2019-1cfe24db5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-5420",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.2.1"
                          },
                          {
                            "version_value": "6.0.0.beta3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability in development mode Rails \u003c5.2.2.1, \u003c6.0.0.beta3 can allow an attacker to guess the automatically generated development mode secret token. This secret token can be used in combination with other Rails internals to escalate to a remote code execution exploit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection - Generic (CWE-77)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/IsQKvDqZdKw"
            },
            {
              "name": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152704/Ruby-On-Rails-DoubleTap-Development-Mode-secret_key_base-Remote-Code-Execution.html"
            },
            {
              "name": "46785",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46785/"
            },
            {
              "name": "FEDORA-2019-1cfe24db5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-5420",
    "datePublished": "2019-03-27T13:48:13",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:53.584Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5267 (GCVE-0-2020-5267)

Vulnerability from cvelistv5

Published

2020-03-19 17:30

Modified

2024-08-04 08:22

Severity ?

4.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Summary

In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView's JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2.

References

►

URL

Tags

	https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv	x_refsource_CONFIRM
	https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2020/03/19/1	mailing-list, x_refsource_MLIST
	https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	rails	actionview	Version: < 5.2.4.2 Version: >= 6.0.0, < 6.0.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a"
          },
          {
            "name": "[oss-security] 20200319 [CVE-2020-5267] Possible XSS vulnerability in ActionView",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1"
          },
          {
            "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2149-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html"
          },
          {
            "name": "openSUSE-SU-2020:0627",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html"
          },
          {
            "name": "FEDORA-2020-4dd34860a3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "actionview",
          "vendor": "rails",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.2.4.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0, \u003c 6.0.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView\u0027s JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-05T01:06:18",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a"
        },
        {
          "name": "[oss-security] 20200319 [CVE-2020-5267] Possible XSS vulnerability in ActionView",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1"
        },
        {
          "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2149-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html"
        },
        {
          "name": "openSUSE-SU-2020:0627",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html"
        },
        {
          "name": "FEDORA-2020-4dd34860a3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
        }
      ],
      "source": {
        "advisory": "GHSA-65cv-r6x7-79hv",
        "discovery": "UNKNOWN"
      },
      "title": "Possible XSS vulnerability in ActionView",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5267",
          "STATE": "PUBLIC",
          "TITLE": "Possible XSS vulnerability in ActionView"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "actionview",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 5.2.4.2"
                          },
                          {
                            "version_value": "\u003e= 6.0.0, \u003c 6.0.2.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible XSS vulnerability in ActionView\u0027s JavaScript literal escape helpers. Views that use the `j` or `escape_javascript` methods may be susceptible to XSS attacks. The issue is fixed in versions 6.0.2.2 and 5.2.4.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv",
              "refsource": "CONFIRM",
              "url": "https://github.com/rails/rails/security/advisories/GHSA-65cv-r6x7-79hv"
            },
            {
              "name": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a",
              "refsource": "MISC",
              "url": "https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a"
            },
            {
              "name": "[oss-security] 20200319 [CVE-2020-5267] Possible XSS vulnerability in ActionView",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/03/19/1"
            },
            {
              "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2149-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00022.html"
            },
            {
              "name": "openSUSE-SU-2020:0627",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00019.html"
            },
            {
              "name": "FEDORA-2020-4dd34860a3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-65cv-r6x7-79hv",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5267",
    "datePublished": "2020-03-19T17:30:16",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5247 (GCVE-0-2020-5247)

Vulnerability from cvelistv5

Published

2020-02-28 16:55

Modified

2024-08-04 08:22

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Summary

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters.

References

►

URL

Tags

	https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v	x_refsource_CONFIRM
	https://owasp.org/www-community/attacks/HTTP_Response_Splitting	x_refsource_MISC
	https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	puma	Puma	Version: < 3.12.3 Version: >= 4.0.0, < 4.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.079Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254"
          },
          {
            "name": "FEDORA-2020-a3f26a9387",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
          },
          {
            "name": "FEDORA-2020-fd87f90634",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
          },
          {
            "name": "FEDORA-2020-08092b4c97",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
          },
          {
            "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-26T00:06:12",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254"
        },
        {
          "name": "FEDORA-2020-a3f26a9387",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
        },
        {
          "name": "FEDORA-2020-fd87f90634",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
        },
        {
          "name": "FEDORA-2020-08092b4c97",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
        },
        {
          "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
        }
      ],
      "source": {
        "advisory": "GHSA-84j7-475p-hp8v",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Response Splitting in Puma",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5247",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Response Splitting in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Puma",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.12.3"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2019-16254, which fixed this vulnerability for the WEBrick Ruby web server. This has been fixed in versions 4.3.2 and 3.12.3 by checking all headers for line endings and rejecting headers with those characters."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
            },
            {
              "name": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting",
              "refsource": "MISC",
              "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
            },
            {
              "name": "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254",
              "refsource": "MISC",
              "url": "https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254"
            },
            {
              "name": "FEDORA-2020-a3f26a9387",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
            },
            {
              "name": "FEDORA-2020-fd87f90634",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
            },
            {
              "name": "FEDORA-2020-08092b4c97",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
            },
            {
              "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-84j7-475p-hp8v",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5247",
    "datePublished": "2020-02-28T16:55:15",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.079Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11076 (GCVE-0-2020-11076)

Vulnerability from cvelistv5

Published

2020-05-22 14:50

Modified

2024-08-04 11:21

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Summary

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

References

►

URL

Tags

	https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h	x_refsource_CONFIRM
	https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22	x_refsource_MISC
	https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	puma	puma	Version: < 3.12.5 Version: >= 4.0.0, < 4.3.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"
          },
          {
            "name": "openSUSE-SU-2020:0990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
          },
          {
            "name": "openSUSE-SU-2020:1001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
          },
          {
            "name": "FEDORA-2020-fe354f24e8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
          },
          {
            "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T12:06:28",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"
        },
        {
          "name": "openSUSE-SU-2020:0990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
        },
        {
          "name": "openSUSE-SU-2020:1001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
        },
        {
          "name": "FEDORA-2020-fe354f24e8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
        },
        {
          "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
        }
      ],
      "source": {
        "advisory": "GHSA-x7jg-6pwg-fx5h",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Smuggling via Transfer-Encoding Header in Puma",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11076",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "puma",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.12.5"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.3.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h"
            },
            {
              "name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
            },
            {
              "name": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd"
            },
            {
              "name": "openSUSE-SU-2020:0990",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
            },
            {
              "name": "openSUSE-SU-2020:1001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
            },
            {
              "name": "FEDORA-2020-fe354f24e8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
            },
            {
              "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-x7jg-6pwg-fx5h",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11076",
    "datePublished": "2020-05-22T14:50:12",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8165 (GCVE-0-2020-8165)

Vulnerability from cvelistv5

Published

2020-06-19 17:05

Modified

2025-05-09 20:03

Severity ?

CWE

CWE-502 - Deserialization of Untrusted Data ()

Summary

A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.

References

►

URL

Tags

	https://hackerone.com/reports/413388	x_refsource_MISC
	https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c	x_refsource_MISC
	https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html	mailing-list, x_refsource_MLIST
	https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html	mailing-list, x_refsource_MLIST
	https://www.debian.org/security/2020/dsa-4766	vendor-advisory, x_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Version: Fixed in 5.2.4.3, 6.0.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-05-09T20:03:28.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/413388"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
          },
          {
            "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
          },
          {
            "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          },
          {
            "name": "openSUSE-SU-2020:1677",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
          },
          {
            "name": "openSUSE-SU-2020:1679",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250509-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 5.2.4.3, 6.0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "Deserialization of Untrusted Data (CWE-502)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-17T11:06:36.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/413388"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
        },
        {
          "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
        },
        {
          "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        },
        {
          "name": "openSUSE-SU-2020:1677",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
        },
        {
          "name": "openSUSE-SU-2020:1679",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8165",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization of untrusted data vulnernerability exists in rails \u003c 5.2.4.3, rails \u003c 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Deserialization of Untrusted Data (CWE-502)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/413388",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/413388"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/bv6fW4S0Y1c"
            },
            {
              "name": "[debian-lts-announce] 20200619 [SECURITY] [DLA 2251-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html"
            },
            {
              "name": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/"
            },
            {
              "name": "[debian-lts-announce] 20200720 [SECURITY] [DLA 2282-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            },
            {
              "name": "openSUSE-SU-2020:1677",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00031.html"
            },
            {
              "name": "openSUSE-SU-2020:1679",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00034.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8165",
    "datePublished": "2020-06-19T17:05:30.000Z",
    "dateReserved": "2020-01-28T00:00:00.000Z",
    "dateUpdated": "2025-05-09T20:03:28.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8167 (GCVE-0-2020-8167)

Vulnerability from cvelistv5

Published

2020-06-19 17:16

Modified

2024-08-04 09:48

Severity ?

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.

References

►

URL

Tags

	https://hackerone.com/reports/189878	x_refsource_MISC
	https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4766	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	http://github.com/rails/rails	Version: Fixed in 5.2.4.3, 6.0.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.785Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/189878"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "http://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 5.2.4.3, 6.0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T11:06:22",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/189878"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8167",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "http://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CSRF vulnerability exists in rails \u003c= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/189878",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/189878"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/x9DixQDG9a0"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8167",
    "datePublished": "2020-06-19T17:16:06",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:48:25.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8185 (GCVE-0-2020-8185)

Vulnerability from cvelistv5

Published

2020-07-02 18:35

Modified

2024-08-04 09:56

Severity ?

CWE

CWE-400 - Denial of Service ()

Summary

A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.

References

►

URL

Tags

	https://hackerone.com/reports/899069	x_refsource_MISC
	https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Version: Fixed in 6.0.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:56:28.317Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/899069"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"
          },
          {
            "name": "FEDORA-2020-4dd34860a3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 6.0.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A denial of service vulnerability exists in Rails \u003c6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-05T01:06:17",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/899069"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"
        },
        {
          "name": "FEDORA-2020-4dd34860a3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8185",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 6.0.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A denial of service vulnerability exists in Rails \u003c6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/899069",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/899069"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0"
            },
            {
              "name": "FEDORA-2020-4dd34860a3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8185",
    "datePublished": "2020-07-02T18:35:06",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:56:28.317Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5418 (GCVE-0-2019-5418)

Vulnerability from cvelistv5

Published

2019-03-27 13:38

Modified

2025-07-30 01:46

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-22 - Path Traversal ()

Summary

There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.

References

►

URL

Tags

	https://www.exploit-db.com/exploits/46585/	exploit, x_refsource_EXPLOIT-DB
	http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html	x_refsource_MISC
	http://www.openwall.com/lists/oss-security/2019/03/22/1	mailing-list, x_refsource_MLIST
	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:0796	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:1149	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1147	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1289	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	Rails	https://github.com/rails/rails	Version: 5.2.2.1 Version: 5.1.6.2 Version: 5.0.7.2 Version: 4.2.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "46585",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/46585/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
          },
          {
            "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"
          },
          {
            "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
          },
          {
            "name": "RHSA-2019:0796",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0796"
          },
          {
            "name": "openSUSE-SU-2019:1344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
          },
          {
            "name": "FEDORA-2019-1cfe24db5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
          },
          {
            "name": "RHSA-2019:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1149"
          },
          {
            "name": "RHSA-2019:1147",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1147"
          },
          {
            "name": "RHSA-2019:1289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1289"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2019-5418",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-17T03:55:43.688900Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-07-07",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-5418"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-30T01:46:06.467Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "url": "https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-07-07T00:00:00+00:00",
            "value": "CVE-2019-5418 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "Rails",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.2.1"
            },
            {
              "status": "affected",
              "version": "5.1.6.2"
            },
            {
              "status": "affected",
              "version": "5.0.7.2"
            },
            {
              "status": "affected",
              "version": "4.2.11.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-13T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a File Content Disclosure vulnerability in Action View \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system\u0027s filesystem to be exposed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Path Traversal (CWE-22)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-11T18:33:30.000Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "name": "46585",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/46585/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
        },
        {
          "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/pFRKI96Sm8Q"
        },
        {
          "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
        },
        {
          "name": "RHSA-2019:0796",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0796"
        },
        {
          "name": "openSUSE-SU-2019:1344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
        },
        {
          "name": "FEDORA-2019-1cfe24db5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
        },
        {
          "name": "RHSA-2019:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1149"
        },
        {
          "name": "RHSA-2019:1147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1147"
        },
        {
          "name": "RHSA-2019:1289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1289"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-5418",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.2.1"
                          },
                          {
                            "version_value": "5.1.6.2"
                          },
                          {
                            "version_value": "5.0.7.2"
                          },
                          {
                            "version_value": "4.2.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a File Content Disclosure vulnerability in Action View \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system\u0027s filesystem to be exposed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Path Traversal (CWE-22)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "46585",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/46585/"
            },
            {
              "name": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/152178/Rails-5.2.1-Arbitrary-File-Content-Disclosure.html"
            },
            {
              "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
            },
            {
              "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q"
            },
            {
              "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
            },
            {
              "name": "RHSA-2019:0796",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0796"
            },
            {
              "name": "openSUSE-SU-2019:1344",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
            },
            {
              "name": "FEDORA-2019-1cfe24db5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
            },
            {
              "name": "RHSA-2019:1149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1149"
            },
            {
              "name": "RHSA-2019:1147",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1147"
            },
            {
              "name": "RHSA-2019:1289",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1289"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-5418",
    "datePublished": "2019-03-27T13:38:58.000Z",
    "dateReserved": "2019-01-04T00:00:00.000Z",
    "dateUpdated": "2025-07-30T01:46:06.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-15169 (GCVE-0-2020-15169)

Vulnerability from cvelistv5

Published

2020-09-11 15:50

Modified

2024-08-04 13:08

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE

CWE-79 - Cross-site Scripting (XSS)

Summary

In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory.

References

►

URL

Tags

	https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5	x_refsource_CONFIRM
	https://www.debian.org/security/2020/dsa-4766	vendor-advisory, x_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	rails	actionview	Version: < 5.2.4.4 Version: >= 6.0.0.0, < 6.0.3.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          },
          {
            "name": "FEDORA-2020-4dd34860a3",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
          },
          {
            "name": "[debian-lts-announce] 20201009 [SECURITY] [DLA 2403-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "actionview",
          "vendor": "rails",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 5.2.4.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 6.0.0.0, \u003c 6.0.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View\u0027s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting (XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-09T20:06:10",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        },
        {
          "name": "FEDORA-2020-4dd34860a3",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
        },
        {
          "name": "[debian-lts-announce] 20201009 [SECURITY] [DLA 2403-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html"
        }
      ],
      "source": {
        "advisory": "GHSA-cfjv-5498-mph5",
        "discovery": "UNKNOWN"
      },
      "title": "XSS in Action View",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15169",
          "STATE": "PUBLIC",
          "TITLE": "XSS in Action View"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "actionview",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 5.2.4.4"
                          },
                          {
                            "version_value": "\u003e= 6.0.0.0, \u003c 6.0.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potential Cross-Site Scripting (XSS) vulnerability in Action View\u0027s translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped. This is patched in versions 6.0.3.3 and 5.2.4.4. A workaround without upgrading is proposed in the source advisory."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79 Cross-site Scripting (XSS)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5",
              "refsource": "CONFIRM",
              "url": "https://github.com/rails/rails/security/advisories/GHSA-cfjv-5498-mph5"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            },
            {
              "name": "FEDORA-2020-4dd34860a3",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJ7NUWXAEVRQCROIIBV4C6WXO6IR3KSB/"
            },
            {
              "name": "[debian-lts-announce] 20201009 [SECURITY] [DLA 2403-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-cfjv-5498-mph5",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15169",
    "datePublished": "2020-09-11T15:50:12",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-08-04T13:08:22.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11077 (GCVE-0-2020-11077)

Vulnerability from cvelistv5

Published

2020-05-22 14:55

Modified

2024-08-04 11:21

Severity ?

6.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Summary

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

References

►

URL

Tags

	https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22	x_refsource_MISC
	https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/	vendor-advisory, x_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	puma	puma	Version: < 3.12.6 Version: >= 4.0.0, < 4.3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
          },
          {
            "name": "openSUSE-SU-2020:0990",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
          },
          {
            "name": "openSUSE-SU-2020:1001",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
          },
          {
            "name": "FEDORA-2020-fe354f24e8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
          },
          {
            "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-07T12:06:27",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
        },
        {
          "name": "openSUSE-SU-2020:0990",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
        },
        {
          "name": "openSUSE-SU-2020:1001",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
        },
        {
          "name": "FEDORA-2020-fe354f24e8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
        },
        {
          "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
        }
      ],
      "source": {
        "advisory": "GHSA-w64w-qqph-5gxm",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Smuggling via Transfer-Encoding Header in Puma",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11077",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Smuggling via Transfer-Encoding Header in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "puma",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.12.6"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.3.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request\u0027s body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22"
            },
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm"
            },
            {
              "name": "openSUSE-SU-2020:0990",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html"
            },
            {
              "name": "openSUSE-SU-2020:1001",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html"
            },
            {
              "name": "FEDORA-2020-fe354f24e8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/"
            },
            {
              "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2398-1] puma security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-w64w-qqph-5gxm",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11077",
    "datePublished": "2020-05-22T14:55:13",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-5419 (GCVE-0-2019-5419)

Vulnerability from cvelistv5

Published

2019-03-27 13:43

Modified

2024-08-04 19:54

Severity ?

CWE

CWE-400 - Denial of Service ()

Summary

There is a possible denial of service vulnerability in Action View (Rails) <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive.

References

►

URL

Tags

	http://www.openwall.com/lists/oss-security/2019/03/22/1	mailing-list, x_refsource_MLIST
	https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/	x_refsource_CONFIRM
	https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html	mailing-list, x_refsource_MLIST
	https://access.redhat.com/errata/RHSA-2019:0796	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html	vendor-advisory, x_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/	vendor-advisory, x_refsource_FEDORA
	https://access.redhat.com/errata/RHSA-2019:1149	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1147	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:1289	vendor-advisory, x_refsource_REDHAT
	http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	Rails	https://github.com/rails/rails	Version: 5.2.2.1 Version: 5.1.6.2 Version: 5.0.7.2 Version: 4.2.11.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:54:53.468Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI"
          },
          {
            "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
          },
          {
            "name": "RHSA-2019:0796",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0796"
          },
          {
            "name": "openSUSE-SU-2019:1344",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
          },
          {
            "name": "FEDORA-2019-1cfe24db5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
          },
          {
            "name": "RHSA-2019:1149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1149"
          },
          {
            "name": "RHSA-2019:1147",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1147"
          },
          {
            "name": "RHSA-2019:1289",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1289"
          },
          {
            "name": "openSUSE-SU-2019:1527",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
          },
          {
            "name": "openSUSE-SU-2019:1824",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "Rails",
          "versions": [
            {
              "status": "affected",
              "version": "5.2.2.1"
            },
            {
              "status": "affected",
              "version": "5.1.6.2"
            },
            {
              "status": "affected",
              "version": "5.0.7.2"
            },
            {
              "status": "affected",
              "version": "4.2.11.1"
            }
          ]
        }
      ],
      "datePublic": "2019-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "There is a possible denial of service vulnerability in Action View (Rails) \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "Denial of Service (CWE-400)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-01T20:06:09",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groups.google.com/forum/#%21topic/rubyonrails-security/GN7w9fFAQeI"
        },
        {
          "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
        },
        {
          "name": "RHSA-2019:0796",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0796"
        },
        {
          "name": "openSUSE-SU-2019:1344",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
        },
        {
          "name": "FEDORA-2019-1cfe24db5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
        },
        {
          "name": "RHSA-2019:1149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1149"
        },
        {
          "name": "RHSA-2019:1147",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1147"
        },
        {
          "name": "RHSA-2019:1289",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1289"
        },
        {
          "name": "openSUSE-SU-2019:1527",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
        },
        {
          "name": "openSUSE-SU-2019:1824",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2019-5419",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.2.2.1"
                          },
                          {
                            "version_value": "5.1.6.2"
                          },
                          {
                            "version_value": "5.0.7.2"
                          },
                          {
                            "version_value": "4.2.11.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Rails"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "There is a possible denial of service vulnerability in Action View (Rails) \u003c5.2.2.1, \u003c5.1.6.2, \u003c5.0.7.2, \u003c4.2.11.1 where specially crafted accept headers can cause action view to consume 100% cpu and make the server unresponsive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service (CWE-400)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20190322 [CVE-2019-5418] Amendment: Possible Remote Code Execution Exploit in Action View",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/22/1"
            },
            {
              "name": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/",
              "refsource": "CONFIRM",
              "url": "https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/"
            },
            {
              "name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI",
              "refsource": "CONFIRM",
              "url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GN7w9fFAQeI"
            },
            {
              "name": "[debian-lts-announce] 20190331 [SECURITY] [DLA 1739-1] rails security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00042.html"
            },
            {
              "name": "RHSA-2019:0796",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:0796"
            },
            {
              "name": "openSUSE-SU-2019:1344",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00011.html"
            },
            {
              "name": "FEDORA-2019-1cfe24db5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y43636TH4D6T46IC6N2RQVJTRFJAAYGA/"
            },
            {
              "name": "RHSA-2019:1149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1149"
            },
            {
              "name": "RHSA-2019:1147",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1147"
            },
            {
              "name": "RHSA-2019:1289",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:1289"
            },
            {
              "name": "openSUSE-SU-2019:1527",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00025.html"
            },
            {
              "name": "openSUSE-SU-2019:1824",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00001.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2019-5419",
    "datePublished": "2019-03-27T13:43:19",
    "dateReserved": "2019-01-04T00:00:00",
    "dateUpdated": "2024-08-04T19:54:53.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-5249 (GCVE-0-2020-5249)

Vulnerability from cvelistv5

Published

2020-03-02 15:20

Modified

2024-08-04 08:22

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CWE

CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Summary

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4.

References

►

URL

Tags

	https://owasp.org/www-community/attacks/HTTP_Response_Splitting	x_refsource_MISC
	https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58	x_refsource_CONFIRM
	https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v	x_refsource_MISC
	https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/	vendor-advisory, x_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/	vendor-advisory, x_refsource_FEDORA

Impacted products

	Vendor	Product	Version
	puma	Puma	Version: < 3.12.4 Version: >= 4.0.0, < 4.3.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:22:09.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3"
          },
          {
            "name": "FEDORA-2020-a3f26a9387",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
          },
          {
            "name": "FEDORA-2020-fd87f90634",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
          },
          {
            "name": "FEDORA-2020-08092b4c97",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Puma",
          "vendor": "puma",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.12.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.3.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-113",
              "description": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-04-09T19:06:03",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3"
        },
        {
          "name": "FEDORA-2020-a3f26a9387",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
        },
        {
          "name": "FEDORA-2020-fd87f90634",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
        },
        {
          "name": "FEDORA-2020-08092b4c97",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
        }
      ],
      "source": {
        "advisory": "GHSA-33vf-4xgg-9r58",
        "discovery": "UNKNOWN"
      },
      "title": "HTTP Response Splitting (Early Hints) in Puma",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-5249",
          "STATE": "PUBLIC",
          "TITLE": "HTTP Response Splitting (Early Hints) in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Puma",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.12.4"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.3.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is known as HTTP Response Splitting. While not an attack in itself, response splitting is a vector for several other attacks, such as cross-site scripting (XSS). This is related to CVE-2020-5247, which fixed this vulnerability but only for regular responses. This has been fixed in 4.3.3 and 3.12.4."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Response Splitting\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting",
              "refsource": "MISC",
              "url": "https://owasp.org/www-community/attacks/HTTP_Response_Splitting"
            },
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58"
            },
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v"
            },
            {
              "name": "https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3",
              "refsource": "MISC",
              "url": "https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3"
            },
            {
              "name": "FEDORA-2020-a3f26a9387",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/"
            },
            {
              "name": "FEDORA-2020-fd87f90634",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/"
            },
            {
              "name": "FEDORA-2020-08092b4c97",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-33vf-4xgg-9r58",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-5249",
    "datePublished": "2020-03-02T15:20:21",
    "dateReserved": "2020-01-02T00:00:00",
    "dateUpdated": "2024-08-04T08:22:09.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16770 (GCVE-0-2019-16770)

Vulnerability from cvelistv5

Published

2019-12-05 19:35

Modified

2024-08-05 01:24

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

References

►

URL

Tags

	https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	puma	puma	Version: < 4.3.1 < 4.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:24:48.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994"
          },
          {
            "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "puma",
          "vendor": "puma",
          "versions": [
            {
              "lessThan": "4.3.1",
              "status": "affected",
              "version": "\u003c 4.3.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-05-26T00:06:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994"
        },
        {
          "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
        }
      ],
      "source": {
        "advisory": "GHSA-7xx3-m584-x994",
        "discovery": "UNKNOWN"
      },
      "title": "Potential DOS attack in Puma",
      "workarounds": [
        {
          "lang": "en",
          "value": "Reverse proxies in front of Puma could be configured to always allow less than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma\u0027s thread pool."
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2019-16770",
          "STATE": "PUBLIC",
          "TITLE": "Potential DOS attack in Puma"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "puma",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "\u003c 4.3.1",
                            "version_value": "4.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "puma"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma\u0027s reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-770 Allocation of Resources Without Limits or Throttling"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994",
              "refsource": "CONFIRM",
              "url": "https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994"
            },
            {
              "name": "[debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-7xx3-m584-x994",
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Reverse proxies in front of Puma could be configured to always allow less than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma\u0027s thread pool."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2019-16770",
    "datePublished": "2019-12-05T19:35:14",
    "dateReserved": "2019-09-24T00:00:00",
    "dateUpdated": "2024-08-05T01:24:48.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-8166 (GCVE-0-2020-8166)

Vulnerability from cvelistv5

Published

2020-07-02 18:35

Modified

2024-08-04 09:48

Severity ?

CWE

CWE-352 - Cross-Site Request Forgery (CSRF) ()

Summary

A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.

References

►

URL

Tags

	https://hackerone.com/reports/732415	x_refsource_MISC
	https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw	x_refsource_MISC
	https://www.debian.org/security/2020/dsa-4766	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	https://github.com/rails/rails	Version: Fixed in 5.2.4.3, 6.0.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:48:25.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/732415"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
          },
          {
            "name": "DSA-4766",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4766"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/rails/rails",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in 5.2.4.3, 6.0.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "Cross-Site Request Forgery (CSRF) (CWE-352)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-09-25T11:06:21",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/732415"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
        },
        {
          "name": "DSA-4766",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4766"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "support@hackerone.com",
          "ID": "CVE-2020-8166",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "https://github.com/rails/rails",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in 5.2.4.3, 6.0.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A CSRF forgery vulnerability exists in rails \u003c 5.2.5, rails \u003c 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) (CWE-352)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://hackerone.com/reports/732415",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/732415"
            },
            {
              "name": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw",
              "refsource": "MISC",
              "url": "https://groups.google.com/g/rubyonrails-security/c/NOjKiGeXUgw"
            },
            {
              "name": "DSA-4766",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4766"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2020-8166",
    "datePublished": "2020-07-02T18:35:17",
    "dateReserved": "2020-01-28T00:00:00",
    "dateUpdated": "2024-08-04T09:48:25.645Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2020:1993-1

Vulnerability from csaf_opensuse

CVE-2020-8164 (GCVE-0-2020-8164)

Vulnerability from cvelistv5

CVE-2020-8184 (GCVE-0-2020-8184)

Vulnerability from cvelistv5

CVE-2019-5420 (GCVE-0-2019-5420)

Vulnerability from cvelistv5

CVE-2020-5267 (GCVE-0-2020-5267)

Vulnerability from cvelistv5

CVE-2020-5247 (GCVE-0-2020-5247)

Vulnerability from cvelistv5

CVE-2020-11076 (GCVE-0-2020-11076)

Vulnerability from cvelistv5

CVE-2020-8165 (GCVE-0-2020-8165)

Vulnerability from cvelistv5

CVE-2020-8167 (GCVE-0-2020-8167)

Vulnerability from cvelistv5

CVE-2020-8185 (GCVE-0-2020-8185)

Vulnerability from cvelistv5

CVE-2019-5418 (GCVE-0-2019-5418)

Vulnerability from cvelistv5

CVE-2020-15169 (GCVE-0-2020-15169)

Vulnerability from cvelistv5

CVE-2020-11077 (GCVE-0-2020-11077)

Vulnerability from cvelistv5

CVE-2019-5419 (GCVE-0-2019-5419)

Vulnerability from cvelistv5

CVE-2020-5249 (GCVE-0-2020-5249)

Vulnerability from cvelistv5

CVE-2019-16770 (GCVE-0-2019-16770)

Vulnerability from cvelistv5

CVE-2020-8166 (GCVE-0-2020-8166)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature