Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-41136 - log back

CVE-2021-41136 edited at 15 Jun 2022 18:47:43

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Remote

Description

+	Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which has this behavior.

References

+	https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
+	https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx

Notes

CVE-2021-41136 created at 15 Jun 2022 18:43:21