ADVISORIES

• CVE-2023-40175 (NVD)
• GHSA-68xg-gqqm-vgj8
• Vendor Advisory

GEM

puma

SEVERITY

CVSS v3.x: 6.5 (Medium)

PATCHED VERSIONS

• ~> 5.6.7
• >= 6.3.1

DESCRIPTION

Impact

Prior to version 6.3.1, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling.

The following vulnerabilities are addressed by this advisory:

• Incorrect parsing of trailing fields in chunked transfer encoding bodies
• Parsing of blank/zero-length Content-Length headers\r\n

Patches

The vulnerability has been fixed in 6.3.1 and 5.6.7.

Workarounds

No known workarounds.

References

HTTP Request Smuggling

RELATED

• https://github.com/puma/puma/releases/tag/v5.6.7
• https://github.com/puma/puma/releases/tag/v6.3.1
• https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a
• https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1
• https://github.com/advisories/GHSA-68xg-gqqm-vgj8