pkg:gem/puma
Type
gem
Name
puma
Known advisories, vulnerabilities and fixes for puma package.
- Repository
- https://rubygems.org/gems/puma
Critical
1
High
4
Medium
5
Low
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 4.3.1 |
CVE-2019-16770
|
RUBYSEC:PUMA-2019-16770 | Keepalive thread overload/DoS in puma | high |
2019-12-05T00:00:00
(4 years ago) |
|
Fixed | = 3.12.2 >= 4.3.1 |
CVE-2019-16770
|
RUBYSEC:PUMA-2019-16770 | Keepalive thread overload/DoS in puma | high |
2019-12-05T00:00:00
(4 years ago) |
|
Affected | < 4.3.4 |
CVE-2020-11076
|
RUBYSEC:PUMA-2020-11076 | HTTP Smuggling via Transfer-Encoding Header in Puma | high |
2020-05-22T00:00:00
(4 years ago) |
|
Fixed | = 3.12.5 >= 4.3.4 |
CVE-2020-11076
|
RUBYSEC:PUMA-2020-11076 | HTTP Smuggling via Transfer-Encoding Header in Puma | high |
2020-05-22T00:00:00
(4 years ago) |
|
Affected | < 4.3.5 |
CVE-2020-11077
|
RUBYSEC:PUMA-2020-11077 | HTTP Smuggling via Transfer-Encoding Header in Puma | medium |
2020-05-22T00:00:00
(4 years ago) |
|
Fixed | = 3.12.6 >= 4.3.5 |
CVE-2020-11077
|
RUBYSEC:PUMA-2020-11077 | HTTP Smuggling via Transfer-Encoding Header in Puma | medium |
2020-05-22T00:00:00
(4 years ago) |
|
Affected | < 4.3.3 |
CVE-2019-16254
CVE-2020-5247 |
RUBYSEC:PUMA-2020-5247 | HTTP Response Splitting vulnerability in puma | medium |
2020-02-27T00:00:00
(4 years ago) |
|
Fixed | = 3.12.4 >= 4.3.3 |
CVE-2019-16254
CVE-2020-5247 |
RUBYSEC:PUMA-2020-5247 | HTTP Response Splitting vulnerability in puma | medium |
2020-02-27T00:00:00
(4 years ago) |
|
Affected | < 4.3.3 |
CVE-2020-5247
CVE-2020-5249 |
RUBYSEC:PUMA-2020-5249 | HTTP Response Splitting (Early Hints) in Puma | medium |
2020-03-03T00:00:00
(4 years ago) |
|
Fixed | = 3.12.4 >= 4.3.3 |
CVE-2020-5247
CVE-2020-5249 |
RUBYSEC:PUMA-2020-5249 | HTTP Response Splitting (Early Hints) in Puma | medium |
2020-03-03T00:00:00
(4 years ago) |
|
Affected | < 5.3.1 |
CVE-2019-16770
CVE-2021-29509 |
RUBYSEC:PUMA-2021-29509 | Keepalive Connections Causing Denial Of Service in puma | high |
2021-05-11T00:00:00
(3 years ago) |
|
Fixed | = 4.3.8 >= 5.3.1 |
CVE-2019-16770
CVE-2021-29509 |
RUBYSEC:PUMA-2021-29509 | Keepalive Connections Causing Denial Of Service in puma | high |
2021-05-11T00:00:00
(3 years ago) |
|
Affected | < 5.5.1 |
CVE-2021-41136
|
RUBYSEC:PUMA-2021-41136 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma | low |
2021-10-12T00:00:00
(2 years ago) |
|
Fixed | = 4.3.9 >= 5.5.1 |
CVE-2021-41136
|
RUBYSEC:PUMA-2021-41136 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma | low |
2021-10-12T00:00:00
(2 years ago) |
|
Affected | < 5.6.2 |
CVE-2022-23633
CVE-2022-23634 |
RUBYSEC:PUMA-2022-23634 | Information Exposure with Puma when used with Rails | high |
2022-02-11T00:00:00
(2 years ago) |
|
Fixed | = 4.3.11 >= 5.6.2 |
CVE-2022-23633
CVE-2022-23634 |
RUBYSEC:PUMA-2022-23634 | Information Exposure with Puma when used with Rails | high |
2022-02-11T00:00:00
(2 years ago) |
|
Affected | < 5.6.4 |
CVE-2022-24790
|
RUBYSEC:PUMA-2022-24790 | HTTP Request Smuggling in puma | critical |
2022-03-30T00:00:00
(2 years ago) |
|
Fixed | = 4.3.12 >= 5.6.4 |
CVE-2022-24790
|
RUBYSEC:PUMA-2022-24790 | HTTP Request Smuggling in puma | critical |
2022-03-30T00:00:00
(2 years ago) |
|
Affected | < 6.3.1 |
CVE-2023-40175
|
RUBYSEC:PUMA-2023-40175 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma | medium |
2023-08-18T00:00:00
(13 months ago) |
|
Fixed | = 5.6.7 >= 6.3.1 |
CVE-2023-40175
|
RUBYSEC:PUMA-2023-40175 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma | medium |
2023-08-18T00:00:00
(13 months ago) |
|
Affected | < 6.4.2 |
CVE-2024-21647
|
RUBYSEC:PUMA-2024-21647 | Puma HTTP Request/Response Smuggling vulnerability | medium |
2024-01-08T00:00:00
(8 months ago) |
|
Fixed | = 5.6.8 >= 6.4.2 |
CVE-2024-21647
|
RUBYSEC:PUMA-2024-21647 | Puma HTTP Request/Response Smuggling vulnerability | medium |
2024-01-08T00:00:00
(8 months ago) |