CVE-2020-11076: Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

May 22, 2020 (updated October 7, 2020)

In GitLab Puma (RubyGem), an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header.

References

nvd.nist.gov/vuln/detail/CVE-2020-11076

Code Behaviors & Features

Detect and mitigate CVE-2020-11076 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →