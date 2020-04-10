Vigil@nce - RubyGem Puma: information disclosure via Carriage Return Response Splitting

June 2020 by Vigil@nce

This bulletin was written by Vigil@nce : https://vigilance.fr/computer-vulne...

SYNTHESIS OF THE VULNERABILITY

Impacted products: Fedora.

Severity: 2/4.

Consequences: data reading.

Provenance: internet client.

Confidence: confirmed by the editor (5/5).

Creation date: 10/04/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass access restrictions to data via Carriage Return Response Splitting of RubyGem Puma, in order to obtain sensitive information.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...