CVE-2020-5247

Risk Scores

Affected Products

Exploit Intelligence

• https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v (circl)
• https://owasp.org/www-community/attacks/HTTP_Response_Splitting (circl)
• https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254 (circl)
• FEDORA-2020-a3f26a9387 (circl)
• FEDORA-2020-fd87f90634 (circl)
• FEDORA-2020-08092b4c97 (circl)
• [debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update (circl)
• file.History.html (github-poc)
• file.History.html (github-poc)
• file.History.html (github-poc)

…and 6 more exploits

Timeline

• Feb 28, 2020 CVE Published
• Apr 9, 2020 CVE Updated
• Apr 14, 2021 EPSS Score
• Aug 24, 2021 EPSS Score
• Dec 27, 2021 EPSS Score
• Feb 4, 2022 EPSS Score
• Apr 1, 2022 EPSS Score
• May 1, 2022 EPSS Score
• Sep 4, 2022 EPSS Score
• Jan 8, 2023 EPSS Score
• May 13, 2023 EPSS Score
• Sep 15, 2023 EPSS Score

References

• https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v url
• https://lists.debian.org/debian-lts-announce/2022/05/msg00034.html url
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BMJ3CGZ3DLBJ5WUUKMI5ZFXFJQMXJZIK/ url
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DIHVO3CQMU7BZC7FCTSRJ33YDNS3GFPK/ url
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NJ3LL5F5QADB6LM46GXZETREAKZMQNRD/ url
• https://owasp.org/www-community/attacks/HTTP_Response_Splitting url
• https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254 url
• https://nvd.nist.gov/vuln/detail/CVE-2020-5247 url