Back to bug 1816187
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Marian Rehak | 2020-03-23 14:03:59 UTC | Depends On | 1816189 | |
| Marian Rehak | 2020-03-23 14:04:07 UTC | Blocks | 1816188 | |
| Hardik Vyas | 2020-03-24 11:57:19 UTC | Fixed In Version | puma 4.3.2, puma 3.12.3 | |
| Doc Text | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. An attacker with ability to tamper with HTTP headers could use this flaw to inject a new-line and insert malicious content allowing a HTTP response splitting which exposes the risk of attacks such as cross-site scripting. | |||
| Hardik Vyas | 2020-03-24 12:01:22 UTC | Doc Text | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. An attacker with ability to tamper with HTTP headers could use this flaw to inject a new-line and insert malicious content allowing a HTTP response splitting which exposes the risk of attacks such as cross-site scripting. | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. An attacker with ability to tamper with HTTP headers could use this flaw to inject a new-line and insert malicious content allowing an HTTP response splitting which exposes the risk of attacks such as cross-site scripting. |
| Hardik Vyas | 2020-03-24 13:47:13 UTC | Depends On | 1816666 | |
| RaTasha Tillery-Smith | 2020-03-24 14:52:16 UTC | Doc Text | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. An attacker with ability to tamper with HTTP headers could use this flaw to inject a new-line and insert malicious content allowing an HTTP response splitting which exposes the risk of attacks such as cross-site scripting. | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. This flaw allows an attacker with the ability to tamper with HTTP headers to inject a new-line and insert malicious content, allowing an HTTP response splitting, which exposes the risk of attacks such as cross-site scripting. |
| RaTasha Tillery-Smith | 2020-03-24 18:43:04 UTC | Doc Text | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. This flaw allows an attacker with the ability to tamper with HTTP headers to inject a new-line and insert malicious content, allowing an HTTP response splitting, which exposes the risk of attacks such as cross-site scripting. | A flaw was discovered in rubygem-puma, where it did not properly forbid untrusted input in a response header. This flaw allows an attacker with the ability to tamper with HTTP headers to insert a new-line and insert malicious content, allowing an HTTP response splitting, which exposes the risk of attacks such as cross-site scripting. |
| Yadnyawalk Tale | 2020-03-27 06:45:23 UTC | Depends On | 1817859 | |
| Doran Moppert | 2020-04-01 09:32:50 UTC | Depends On | 1819661 | |
| PnT Account Manager | 2020-09-10 21:20:20 UTC | CC | vbellur | |
| Red Hat Bugzilla | 2021-04-04 12:47:11 UTC | CC | obarenbo | |
| Red Hat Bugzilla | 2021-07-01 12:32:08 UTC | CC | puebele | |
| Red Hat Bugzilla | 2021-07-27 00:20:10 UTC | CC | jfrey | |
| Chess Hazlett | 2021-11-03 23:40:32 UTC | Blocks | 1997390 | |
| Chess Hazlett | 2021-11-03 23:45:48 UTC | CC | amackenz, amasferr, chazlett, drieden, mkudlej, tjochec | |
| Red Hat Bugzilla | 2023-05-15 18:09:25 UTC | CC | drieden | |
| Red Hat Bugzilla | 2023-07-07 08:33:11 UTC | Assignee | security-response-team | nobody |
Back to bug 1816187