Skip to content

Commit 62b6ac2

Browse files
jasnowpostmodern
jasnow
authored and
postmodern
committed
GHSA SYNC: 1 brand new advisory
1 parent 305a6b3 commit 62b6ac2

File tree

1 file changed

+26
-0
lines changed

1 file changed

+26
-0
lines changed

gems/pitchfork/CVE-2025-30221.yml

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,26 @@
1+
---
2+
gem: pitchfork
3+
cve: 2025-30221
4+
ghsa: pfqj-w6r6-g86v
5+
url: https://github.com/Shopify/pitchfork/security/advisories/GHSA-pfqj-w6r6-g86v
6+
title: Pitchfork HTTP Request/Response Splitting vulnerability
7+
date: 2025-03-27
8+
description: |
9+
### Impact
10+
HTTP Response Header Injection in Pitchfork Versions < 0.11.0
11+
when used in conjunction with Rack 3
12+
13+
### Patches
14+
The issue was fixed in Pitchfork release 0.11.0
15+
16+
### Workarounds
17+
There are no known work arounds. Users must upgrade.
18+
cvss_v3: 4.3
19+
patched_versions:
20+
- ">= 0.11.0"
21+
related:
22+
url:
23+
- https://nvd.nist.gov/vuln/detail/CVE-2025-30221
24+
- https://github.com/Shopify/pitchfork/security/advisories/GHSA-pfqj-w6r6-g86v
25+
- https://github.com/Shopify/pitchfork/commit/17ed9b61bf9f58957065f7405b66102daf86bf55
26+
- https://github.com/advisories/GHSA-pfqj-w6r6-g86v

0 commit comments

Comments
 (0)