[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-11077":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":61,"related":62,"reserved_at":9,"published_at":74,"modified_at":75,"state":76,"summary":77,"references_raw":86,"kevs":121,"epss":122,"epss_history":125,"metrics":383,"affected":400},"CVE-2020-11077","In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[],[],[],[31,33,35,37,39,41,43,45,47,49,51,53,55,57,59],{"_key":32},"SUSE-RU-2020:2072-1",{"_key":34},"SUSE-SU-2020:1901-1",{"_key":36},"SUSE-SU-2020:1919-1",{"_key":38},"SUSE-SU-2020:2060-1",{"_key":40},"SUSE-SU-2020:3036-1",{"_key":42},"SUSE-SU-2020:3147-1",{"_key":44},"SUSE-SU-2020:3160-1",{"_key":46},"UBUNTU-CVE-2020-11077",{"_key":48},"OPENSUSE-SU-2020:0990-1",{"_key":50},"OPENSUSE-SU-2020:1001-1",{"_key":52},"OPENSUSE-SU-2020:1993-1",{"_key":54},"OPENSUSE-SU-2020:2000-1",{"_key":56},"DLA-2398-1",{"_key":58},"USN-6682-1",{"_key":60},"DEBIAN-CVE-2020-11077",[],[63,64,65,66,67,68,69,70,71,72,73],{"_key":32},{"_key":34},{"_key":36},{"_key":38},{"_key":40},{"_key":42},{"_key":44},{"_key":48},{"_key":50},{"_key":52},{"_key":54},"2020-05-22T14:55:13.000Z","2024-08-04T11:21:14.618Z","Modified",{"cisa_kev":78,"cisa_ransomware":78,"cisa_vendor":9,"epss_severity":79,"epss_score":80,"severity":81,"severity_score":82,"severity_version":83,"severity_source":84,"severity_vector":85,"severity_status":76},false,"low",0.00821,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[87,94,100,107,111,116],{"url":88,"sources":89,"tags":91},"https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22",[90,84],"cve.org",[92,93],"X Refsource MISC","Release Notes",{"url":95,"sources":96,"tags":97},"https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm",[90,84],[98,99],"X Refsource CONFIRM","Vendor Advisory",{"url":101,"sources":102,"tags":103},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html",[90,84],[99,104,105,106],"X Refsource SUSE","Mailing List","Third Party Advisory",{"url":108,"sources":109,"tags":110},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html",[90,84],[99,104,105,106],{"url":112,"sources":113,"tags":114},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/",[90,84],[99,115],"X Refsource FEDORA",{"url":117,"sources":118,"tags":119},"https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html",[90,84],[105,120,106],"X Refsource MLIST",[],{"date":123,"score":80,"percentile":124},"2026-06-04",0.74753,[126,129,132,135,138,140,143,146,149,152,155,158,161,163,166,170,173,176,179,182,184,187,190,193,195,197,200,203,207,210,213,216,219,221,224,227,230,233,236,239,242,244,247,250,253,256,259,262,265,267,270,273,276,279,282,284,287,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,345,347,350,353,355,358,361,364,367,369,371,374,377,380],{"date":127,"score":80,"percentile":128},"2025-11-04",0.73647,{"date":130,"score":80,"percentile":131},"2025-11-05",0.73632,{"date":133,"score":80,"percentile":134},"2025-11-06",0.7363,{"date":136,"score":80,"percentile":137},"2025-11-07",0.73648,{"date":139,"score":80,"percentile":137},"2025-11-08",{"date":141,"score":80,"percentile":142},"2025-11-09",0.73643,{"date":144,"score":80,"percentile":145},"2025-11-10",0.73631,{"date":147,"score":80,"percentile":148},"2025-11-11",0.73636,{"date":150,"score":80,"percentile":151},"2025-11-12",0.73654,{"date":153,"score":80,"percentile":154},"2025-11-13",0.73662,{"date":156,"score":80,"percentile":157},"2025-11-14",0.73668,{"date":159,"score":80,"percentile":160},"2025-11-15",0.73666,{"date":162,"score":80,"percentile":154},"2025-11-16",{"date":164,"score":80,"percentile":165},"2025-11-17",0.73655,{"date":167,"score":168,"percentile":169},"2025-11-18",0.00643,0.6825,{"date":171,"score":168,"percentile":172},"2025-11-19",0.68257,{"date":174,"score":168,"percentile":175},"2025-11-20",0.68252,{"date":177,"score":80,"percentile":178},"2025-11-21",0.73674,{"date":180,"score":80,"percentile":181},"2025-11-22",0.73664,{"date":183,"score":80,"percentile":137},"2025-11-23",{"date":185,"score":80,"percentile":186},"2025-11-24",0.73644,{"date":188,"score":80,"percentile":189},"2025-11-25",0.73646,{"date":191,"score":80,"percentile":192},"2025-11-26",0.73652,{"date":194,"score":80,"percentile":151},"2025-11-27",{"date":196,"score":80,"percentile":128},"2025-11-28",{"date":198,"score":80,"percentile":199},"2025-11-29",0.73638,{"date":201,"score":80,"percentile":202},"2025-11-30",0.73633,{"date":204,"score":205,"percentile":206},"2025-12-01",0.00491,0.64858,{"date":208,"score":205,"percentile":209},"2025-12-02",0.64876,{"date":211,"score":205,"percentile":212},"2025-12-03",0.64877,{"date":214,"score":80,"percentile":215},"2025-12-04",0.73641,{"date":217,"score":80,"percentile":218},"2025-12-05",0.7365,{"date":220,"score":80,"percentile":218},"2025-12-06",{"date":222,"score":80,"percentile":223},"2025-12-07",0.73651,{"date":225,"score":80,"percentile":226},"2025-12-08",0.73656,{"date":228,"score":80,"percentile":229},"2025-12-09",0.73687,{"date":231,"score":80,"percentile":232},"2025-12-10",0.73719,{"date":234,"score":80,"percentile":235},"2025-12-11",0.73736,{"date":237,"score":80,"percentile":238},"2025-12-12",0.73758,{"date":240,"score":80,"percentile":241},"2025-12-13",0.7376,{"date":243,"score":80,"percentile":241},"2025-12-14",{"date":245,"score":80,"percentile":246},"2025-12-15",0.73764,{"date":248,"score":80,"percentile":249},"2025-12-16",0.73773,{"date":251,"score":80,"percentile":252},"2025-12-17",0.73784,{"date":254,"score":80,"percentile":255},"2025-12-18",0.73808,{"date":257,"score":80,"percentile":258},"2025-12-19",0.73824,{"date":260,"score":80,"percentile":261},"2025-12-20",0.73823,{"date":263,"score":80,"percentile":264},"2025-12-21",0.73815,{"date":266,"score":80,"percentile":264},"2025-12-22",{"date":268,"score":80,"percentile":269},"2025-12-23",0.73805,{"date":271,"score":80,"percentile":272},"2025-12-24",0.73816,{"date":274,"score":80,"percentile":275},"2025-12-25",0.73844,{"date":277,"score":80,"percentile":278},"2025-12-26",0.7384,{"date":280,"score":80,"percentile":281},"2025-12-27",0.73866,{"date":283,"score":80,"percentile":272},"2025-12-28",{"date":285,"score":80,"percentile":286},"2025-12-29",0.73809,{"date":288,"score":80,"percentile":261},"2025-12-30",{"date":290,"score":80,"percentile":291},"2025-12-31",0.73852,{"date":293,"score":205,"percentile":294},"2026-01-01",0.65123,{"date":296,"score":205,"percentile":297},"2026-01-02",0.6511,{"date":299,"score":205,"percentile":300},"2026-01-03",0.65112,{"date":302,"score":80,"percentile":303},"2026-01-04",0.73864,{"date":305,"score":80,"percentile":306},"2026-01-05",0.73858,{"date":308,"score":80,"percentile":309},"2026-01-06",0.73873,{"date":311,"score":80,"percentile":312},"2026-01-07",0.73882,{"date":314,"score":80,"percentile":315},"2026-01-08",0.73894,{"date":317,"score":80,"percentile":318},"2026-01-09",0.73901,{"date":320,"score":80,"percentile":321},"2026-01-10",0.73896,{"date":323,"score":80,"percentile":324},"2026-01-11",0.73883,{"date":326,"score":80,"percentile":327},"2026-01-12",0.73872,{"date":329,"score":80,"percentile":330},"2026-01-13",0.73871,{"date":332,"score":80,"percentile":333},"2026-01-14",0.73895,{"date":335,"score":80,"percentile":336},"2026-01-15",0.73906,{"date":338,"score":80,"percentile":339},"2026-01-16",0.73922,{"date":341,"score":80,"percentile":342},"2026-01-17",0.7392,{"date":344,"score":80,"percentile":321},"2026-01-18",{"date":346,"score":80,"percentile":312},"2026-01-19",{"date":348,"score":80,"percentile":349},"2026-01-20",0.73886,{"date":351,"score":80,"percentile":352},"2026-01-21",0.73889,{"date":354,"score":80,"percentile":315},"2026-01-22",{"date":356,"score":80,"percentile":357},"2026-01-23",0.73925,{"date":359,"score":80,"percentile":360},"2026-01-24",0.73933,{"date":362,"score":80,"percentile":363},"2026-01-25",0.73917,{"date":365,"score":80,"percentile":366},"2026-01-26",0.73915,{"date":368,"score":80,"percentile":342},"2026-01-27",{"date":370,"score":80,"percentile":360},"2026-01-28",{"date":372,"score":80,"percentile":373},"2026-01-29",0.73934,{"date":375,"score":80,"percentile":376},"2026-01-30",0.73939,{"date":378,"score":80,"percentile":379},"2026-01-31",0.73945,{"date":381,"score":205,"percentile":382},"2026-02-01",0.65178,[384,391],{"source":90,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":385,"cvss_v4_0":9},{"baseScore":386,"baseSeverity":387,"vectorString":388,"impactScore":389,"exploitabilityScore":390},6.8,"MEDIUM","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",6.7,5.6,{"source":84,"cvss_v2_0":392,"cvss_v3_0":9,"cvss_v3_1":397,"cvss_v4_0":9},{"baseScore":393,"baseSeverity":9,"vectorString":394,"impactScore":395,"exploitabilityScore":396},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,10,{"baseScore":82,"baseSeverity":398,"vectorString":85,"impactScore":399,"exploitabilityScore":396},"HIGH",6,[401,410,416,424],{"ecosystem":9,"name":402,"vendor":403,"product":404,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":406},"debian linux","debian","debian_linux","o",[407],{"version":408,"is_range":78,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0","cpe",{"ecosystem":9,"name":411,"vendor":412,"product":411,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":413},"fedora","fedoraproject",[414],{"version":415,"is_range":78,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33",{"ecosystem":9,"name":417,"vendor":418,"product":417,"cpe_part":405,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"leap","opensuse",[420,422],{"version":421,"is_range":78,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.1",{"version":423,"is_range":78,"range_type":409,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"15.2",{"ecosystem":9,"name":425,"vendor":425,"product":425,"cpe_part":426,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":427},"puma","a",[428,435,437],{"version":429,"is_range":430,"range_type":409,"version_start":431,"version_start_type":432,"version_end":433,"version_end_type":434,"fixed_in":9},"gte3.0.0_lt3.12.6",true,"3.0.0","including","3.12.6","excluding",{"version":436,"is_range":430,"range_type":90,"version_start":9,"version_start_type":9,"version_end":433,"version_end_type":434,"fixed_in":9},"\u003C 3.12.6",{"version":438,"is_range":430,"range_type":409,"version_start":439,"version_start_type":432,"version_end":440,"version_end_type":434,"fixed_in":9},">= 4.0.0, \u003C 4.3.5","4.0.0","4.3.5"]