Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-6gcd-m795-k3ft
Vulnerability ID VCID-6gcd-m795-k3ft
Aliases CVE-2020-11076
GHSA-x7jg-6pwg-fx5h
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
System Score Found at
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
cvssv3.1 7.5 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
generic_textual HIGH http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
epss 0.01782 https://api.first.org/data/v1/epss?cve=CVE-2020-11076
cvssv3.1 6.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x7jg-6pwg-fx5h
cvssv3.1 7.5 https://github.com/puma/puma
generic_textual HIGH https://github.com/puma/puma
cvssv3.1 7.5 https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
generic_textual HIGH https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
cvssv3.1 7.5 https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
generic_textual HIGH https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
cvssv3 7.5 https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
cvssv3.1 7.5 https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
cvssv3.1_qr HIGH https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
generic_textual HIGH https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml
cvssv3.1 7.5 https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html
generic_textual HIGH https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-11076
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-11076
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
https://api.first.org/data/v1/epss?cve=CVE-2020-11076
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/puma/puma
https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
972102 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972102
CVE-2020-11076 https://nvd.nist.gov/vuln/detail/CVE-2020-11076
CVE-2020-11076.YML https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml
GHSA-x7jg-6pwg-fx5h https://github.com/advisories/GHSA-x7jg-6pwg-fx5h
GHSA-x7jg-6pwg-fx5h https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
USN-6682-1 https://usn.ubuntu.com/6682-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/puma/puma
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-11076
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.83039
EPSS Score 0.01782
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T21:59:54.775581+00:00 EPSS Importer Import https://epss.cyentia.com/epss_scores-current.csv.gz 38.6.0