Skip to content

Commit 05a1920

Browse files
jasnowRubySec CI
jasnow
authored and
RubySec CI
committed
Updated advisory posts against rubysec/ruby-advisory-db@62b6ac2 
1 parent 268a38c commit 05a1920

File tree

1 file changed

+33
-0
lines changed

1 file changed

+33
-0
lines changed

advisories/_posts/2025-03-27-CVE-2025-30221.md

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,33 @@
1+
---
2+
layout: advisory
3+
title: 'CVE-2025-30221 (pitchfork): Pitchfork HTTP Request/Response Splitting vulnerability'
4+
comments: false
5+
categories:
6+
- pitchfork
7+
advisory:
8+
gem: pitchfork
9+
cve: 2025-30221
10+
ghsa: pfqj-w6r6-g86v
11+
url: https://github.com/Shopify/pitchfork/security/advisories/GHSA-pfqj-w6r6-g86v
12+
title: Pitchfork HTTP Request/Response Splitting vulnerability
13+
date: 2025-03-27
14+
description: |
15+
### Impact
16+
HTTP Response Header Injection in Pitchfork Versions < 0.11.0
17+
when used in conjunction with Rack 3
18+
19+
### Patches
20+
The issue was fixed in Pitchfork release 0.11.0
21+
22+
### Workarounds
23+
There are no known work arounds. Users must upgrade.
24+
cvss_v3: 4.3
25+
patched_versions:
26+
- ">= 0.11.0"
27+
related:
28+
url:
29+
- https://nvd.nist.gov/vuln/detail/CVE-2025-30221
30+
- https://github.com/Shopify/pitchfork/security/advisories/GHSA-pfqj-w6r6-g86v
31+
- https://github.com/Shopify/pitchfork/commit/17ed9b61bf9f58957065f7405b66102daf86bf55
32+
- https://github.com/advisories/GHSA-pfqj-w6r6-g86v
33+
---

0 commit comments

Comments
 (0)