CVE-2023-40175
PUBLISHED
CVSS 7.3 HIGH
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
EPSS 0.38% · 59.7th percentile
Risk Scores
CVSS 3.1
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.38%
59.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | gitlab-puma | 0, 6.0.0, 0 |
| puma | puma | >= 6.0.0, < 6.3.1, < 5.6.7, >= 6.0.0, < 6.3.1 |
| puma | puma | 0, 6.0.0, 0 |
| RubyGems | puma | 6.0.0, 0, 0 |
Exploit Intelligence
- .bundler-audit.yml (github-poc)
Timeline
- Aug 18, 2023 CVE Published
- Aug 19, 2023 EPSS Score
- Sep 21, 2023 EPSS Score
- Oct 25, 2023 EPSS Score
- Nov 27, 2023 EPSS Score
- Feb 1, 2024 EPSS Score
- Mar 6, 2024 EPSS Score
- Apr 8, 2024 EPSS Score
- May 11, 2024 EPSS Score
- Jun 13, 2024 EPSS Score
- Jul 17, 2024 EPSS Score
- Aug 19, 2024 EPSS Score
References
- https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8 url
- https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a url
- https://nvd.nist.gov/vuln/detail/CVE-2023-40175 advisory
- https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1 patch
- https://github.com/puma/puma/releases/tag/v5.6.7 url
- https://github.com/puma/puma/releases/tag/v6.3.1 url
- https://github.com/advisories/GHSA-68xg-gqqm-vgj8 advisory