CVE-2025-30221

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-30221

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-30221.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-30221

Aliases

GHSA-pfqj-w6r6-g86v

Published

2025-03-27T15:16:02Z

Modified

2025-03-28T02:00:51.459Z

Summary

[none]

Details

Pitchfork is a preforking HTTP server for Rack applications. Versions prior to 0.11.0 are vulnerable to HTTP Response Header Injection when used in conjunction with Rack 3. The issue was fixed in Pitchfork release 0.11.0. No known workarounds are available.

References

Affected packages

Git / github.com/shopify/pitchfork

Affected ranges

Type: GIT
Repo: https://github.com/shopify/pitchfork
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

17ed9b61bf9f58957065f7405b66102daf86bf55

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.2

v0.10.0

v0.2.0

v0.3.0

v0.4.0

v0.4.1

v0.5.0

v0.6.0

v0.7.0

v0.8.0

v0.9.0