[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-11076":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":81,"related":82,"reserved_at":9,"published_at":104,"modified_at":105,"state":106,"summary":107,"references_raw":116,"kevs":156,"epss":157,"epss_history":160,"metrics":412,"affected":424},"CVE-2020-11076","In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[],[],[31,33,35,37,39,41,43,45,47,49,51,53,55,57,59,61,63,65,67,69,71,73,75,77,79],{"_key":32},"OPENSUSE-SU-2024:13720-1",{"_key":34},"SUSE-RU-2020:2072-1",{"_key":36},"SUSE-SU-2020:1901-1",{"_key":38},"SUSE-SU-2020:1919-1",{"_key":40},"SUSE-SU-2020:2060-1",{"_key":42},"SUSE-SU-2020:3036-1",{"_key":44},"SUSE-SU-2020:3147-1",{"_key":46},"SUSE-SU-2020:3160-1",{"_key":48},"UBUNTU-CVE-2020-11076",{"_key":50},"OPENSUSE-SU-2020:0990-1",{"_key":52},"OPENSUSE-SU-2020:1001-1",{"_key":54},"OPENSUSE-SU-2020:1993-1",{"_key":56},"OPENSUSE-SU-2020:2000-1",{"_key":58},"OPENSUSE-SU-2024:10589-1",{"_key":60},"OPENSUSE-SU-2024:11830-1",{"_key":62},"OPENSUSE-SU-2024:11847-1",{"_key":64},"OPENSUSE-SU-2024:12592-1",{"_key":66},"OPENSUSE-SU-2024:12900-1",{"_key":68},"OPENSUSE-SU-2024:13166-1",{"_key":70},"OPENSUSE-SU-2024:13721-1",{"_key":72},"OPENSUSE-SU-2025:15123-1",{"_key":74},"DLA-2398-1",{"_key":76},"OPENSUSE-SU-2026:10357-1",{"_key":78},"USN-6682-1",{"_key":80},"DEBIAN-CVE-2020-11076",[],[83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103],{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":50},{"_key":52},{"_key":54},{"_key":56},{"_key":58},{"_key":60},{"_key":62},{"_key":64},{"_key":66},{"_key":68},{"_key":70},{"_key":72},{"_key":76},"2020-05-22T14:50:12.000Z","2024-08-04T11:21:14.684Z","Modified",{"cisa_kev":108,"cisa_ransomware":108,"cisa_vendor":9,"epss_severity":109,"epss_score":110,"severity":111,"severity_score":112,"severity_version":113,"severity_source":114,"severity_vector":115,"severity_status":106},false,"low",0.01782,"high",7.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[117,124,130,135,142,146,151],{"url":118,"sources":119,"tags":121},"https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h",[114,120],"nvd",[122,123],"X Refsource CONFIRM","Third Party Advisory",{"url":125,"sources":126,"tags":127},"https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",[114,120],[128,129],"X Refsource MISC","Release Notes",{"url":131,"sources":132,"tags":133},"https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd",[114,120],[128,134],"Patch",{"url":136,"sources":137,"tags":138},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html",[114,120],[139,140,141,123],"Vendor Advisory","X Refsource SUSE","Mailing List",{"url":143,"sources":144,"tags":145},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html",[114,120],[139,140,141,123],{"url":147,"sources":148,"tags":149},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/",[114,120],[139,150],"X Refsource FEDORA",{"url":152,"sources":153,"tags":154},"https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html",[114,120],[141,155,123],"X Refsource MLIST",[],{"date":158,"score":110,"percentile":159},"2026-06-04",0.83065,[161,164,167,170,173,176,179,182,185,188,191,194,197,200,202,206,209,212,215,218,221,223,225,227,229,232,234,236,240,243,246,249,252,255,258,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,305,308,311,313,316,319,322,325,328,331,334,336,339,341,343,345,347,349,352,355,358,360,363,366,368,371,374,377,380,382,385,388,391,393,396,399,401,404,406,409],{"date":162,"score":110,"percentile":163},"2025-11-04",0.82096,{"date":165,"score":110,"percentile":166},"2025-11-05",0.82097,{"date":168,"score":110,"percentile":169},"2025-11-06",0.82101,{"date":171,"score":110,"percentile":172},"2025-11-07",0.82111,{"date":174,"score":110,"percentile":175},"2025-11-08",0.82119,{"date":177,"score":110,"percentile":178},"2025-11-09",0.82114,{"date":180,"score":110,"percentile":181},"2025-11-10",0.82107,{"date":183,"score":110,"percentile":184},"2025-11-11",0.82116,{"date":186,"score":110,"percentile":187},"2025-11-12",0.82126,{"date":189,"score":110,"percentile":190},"2025-11-13",0.82131,{"date":192,"score":110,"percentile":193},"2025-11-14",0.82135,{"date":195,"score":110,"percentile":196},"2025-11-15",0.82128,{"date":198,"score":110,"percentile":199},"2025-11-16",0.8213,{"date":201,"score":110,"percentile":196},"2025-11-17",{"date":203,"score":204,"percentile":205},"2025-11-18",0.02041,0.82395,{"date":207,"score":204,"percentile":208},"2025-11-19",0.82396,{"date":210,"score":204,"percentile":211},"2025-11-20",0.824,{"date":213,"score":110,"percentile":214},"2025-11-21",0.8214,{"date":216,"score":110,"percentile":217},"2025-11-22",0.82142,{"date":219,"score":110,"percentile":220},"2025-11-23",0.82136,{"date":222,"score":110,"percentile":193},"2025-11-24",{"date":224,"score":110,"percentile":199},"2025-11-25",{"date":226,"score":110,"percentile":190},"2025-11-26",{"date":228,"score":110,"percentile":220},"2025-11-27",{"date":230,"score":110,"percentile":231},"2025-11-28",0.82124,{"date":233,"score":110,"percentile":190},"2025-11-29",{"date":235,"score":110,"percentile":220},"2025-11-30",{"date":237,"score":238,"percentile":239},"2025-12-01",0.01106,0.77564,{"date":241,"score":238,"percentile":242},"2025-12-02",0.77572,{"date":244,"score":238,"percentile":245},"2025-12-03",0.77557,{"date":247,"score":110,"percentile":248},"2025-12-04",0.82133,{"date":250,"score":110,"percentile":251},"2025-12-05",0.82141,{"date":253,"score":110,"percentile":254},"2025-12-06",0.82138,{"date":256,"score":110,"percentile":257},"2025-12-07",0.82137,{"date":259,"score":110,"percentile":214},"2025-12-08",{"date":261,"score":110,"percentile":262},"2025-12-09",0.82159,{"date":264,"score":110,"percentile":265},"2025-12-10",0.82184,{"date":267,"score":110,"percentile":268},"2025-12-11",0.82202,{"date":270,"score":110,"percentile":271},"2025-12-12",0.82211,{"date":273,"score":110,"percentile":274},"2025-12-13",0.82212,{"date":276,"score":110,"percentile":277},"2025-12-14",0.82208,{"date":279,"score":110,"percentile":280},"2025-12-15",0.82205,{"date":282,"score":110,"percentile":283},"2025-12-16",0.82216,{"date":285,"score":110,"percentile":286},"2025-12-17",0.82222,{"date":288,"score":110,"percentile":289},"2025-12-18",0.82233,{"date":291,"score":110,"percentile":292},"2025-12-19",0.82237,{"date":294,"score":110,"percentile":295},"2025-12-20",0.82231,{"date":297,"score":110,"percentile":298},"2025-12-21",0.82229,{"date":300,"score":110,"percentile":301},"2025-12-22",0.82232,{"date":303,"score":110,"percentile":304},"2025-12-23",0.82235,{"date":306,"score":110,"percentile":307},"2025-12-24",0.82244,{"date":309,"score":110,"percentile":310},"2025-12-25",0.82259,{"date":312,"score":110,"percentile":310},"2025-12-26",{"date":314,"score":110,"percentile":315},"2025-12-27",0.82288,{"date":317,"score":110,"percentile":318},"2025-12-28",0.82246,{"date":320,"score":110,"percentile":321},"2025-12-29",0.8224,{"date":323,"score":110,"percentile":324},"2025-12-30",0.82248,{"date":326,"score":110,"percentile":327},"2025-12-31",0.82261,{"date":329,"score":238,"percentile":330},"2026-01-01",0.77721,{"date":332,"score":238,"percentile":333},"2026-01-02",0.77722,{"date":335,"score":238,"percentile":330},"2026-01-03",{"date":337,"score":110,"percentile":338},"2026-01-04",0.82238,{"date":340,"score":110,"percentile":301},"2026-01-05",{"date":342,"score":110,"percentile":292},"2026-01-06",{"date":344,"score":110,"percentile":338},"2026-01-07",{"date":346,"score":110,"percentile":307},"2026-01-08",{"date":348,"score":110,"percentile":307},"2026-01-09",{"date":350,"score":110,"percentile":351},"2026-01-10",0.82245,{"date":353,"score":110,"percentile":354},"2026-01-11",0.82243,{"date":356,"score":110,"percentile":357},"2026-01-12",0.82234,{"date":359,"score":110,"percentile":301},"2026-01-13",{"date":361,"score":110,"percentile":362},"2026-01-14",0.82252,{"date":364,"score":110,"percentile":365},"2026-01-15",0.82251,{"date":367,"score":110,"percentile":327},"2026-01-16",{"date":369,"score":110,"percentile":370},"2026-01-17",0.82262,{"date":372,"score":110,"percentile":373},"2026-01-18",0.8226,{"date":375,"score":110,"percentile":376},"2026-01-19",0.82256,{"date":378,"score":110,"percentile":379},"2026-01-20",0.82254,{"date":381,"score":110,"percentile":327},"2026-01-21",{"date":383,"score":110,"percentile":384},"2026-01-22",0.82268,{"date":386,"score":110,"percentile":387},"2026-01-23",0.8229,{"date":389,"score":110,"percentile":390},"2026-01-24",0.82296,{"date":392,"score":110,"percentile":315},"2026-01-25",{"date":394,"score":110,"percentile":395},"2026-01-26",0.82286,{"date":397,"score":110,"percentile":398},"2026-01-27",0.82284,{"date":400,"score":110,"percentile":395},"2026-01-28",{"date":402,"score":110,"percentile":403},"2026-01-29",0.82287,{"date":405,"score":110,"percentile":390},"2026-01-30",{"date":407,"score":110,"percentile":408},"2026-01-31",0.82301,{"date":410,"score":238,"percentile":411},"2026-02-01",0.77788,[413,418],{"source":114,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":414,"cvss_v4_0":9},{"baseScore":112,"baseSeverity":415,"vectorString":115,"impactScore":416,"exploitabilityScore":417},"HIGH",6,10,{"source":120,"cvss_v2_0":419,"cvss_v3_0":9,"cvss_v3_1":423,"cvss_v4_0":9},{"baseScore":420,"baseSeverity":9,"vectorString":421,"impactScore":422,"exploitabilityScore":417},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,{"baseScore":112,"baseSeverity":415,"vectorString":115,"impactScore":416,"exploitabilityScore":417},[425,434,440],{"ecosystem":9,"name":426,"vendor":427,"product":428,"cpe_part":429,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":430},"debian linux","debian","debian_linux","o",[431],{"version":432,"is_range":108,"range_type":433,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":435,"vendor":436,"product":435,"cpe_part":429,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":437},"fedora","fedoraproject",[438],{"version":439,"is_range":108,"range_type":433,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":441,"vendor":441,"product":441,"cpe_part":442,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":443},"puma","a",[444,451,455,458],{"version":445,"is_range":446,"range_type":433,"version_start":447,"version_start_type":448,"version_end":449,"version_end_type":450,"fixed_in":9},"gte3.0.0_lt3.12.6",true,"3.0.0","including","3.12.6","excluding",{"version":452,"is_range":446,"range_type":433,"version_start":453,"version_start_type":448,"version_end":454,"version_end_type":450,"fixed_in":9},">= 4.0.0, \u003C 4.3.5","4.0.0","4.3.5",{"version":456,"is_range":446,"range_type":114,"version_start":9,"version_start_type":9,"version_end":457,"version_end_type":450,"fixed_in":9},"\u003C 3.12.5","3.12.5",{"version":459,"is_range":446,"range_type":114,"version_start":453,"version_start_type":448,"version_end":460,"version_end_type":450,"fixed_in":9},">= 4.0.0, \u003C 4.3.4","4.3.4"]