pkg:gem/puma

Type gem
Name puma

Known advisories, vulnerabilities and fixes for puma package.

Repository
https://rubygems.org/gems/puma
Critical 1
High 4
Medium 5
Low 1
| Type | Version | Distribution | CVEs | Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 4.3.1 | | CVE-2019-16770 | rubysec RUBYSEC:PUMA-2019-16770 | Keepalive thread overload/DoS in puma | high | 2019-12-05T00:00:00 (4 years ago) |
| Fixed | = 3.12.2 >= 4.3.1 | | CVE-2019-16770 | rubysec RUBYSEC:PUMA-2019-16770 | Keepalive thread overload/DoS in puma | high | 2019-12-05T00:00:00 (4 years ago) |
| Affected | < 4.3.4 | | CVE-2020-11076 | rubysec RUBYSEC:PUMA-2020-11076 | HTTP Smuggling via Transfer-Encoding Header in Puma | high | 2020-05-22T00:00:00 (4 years ago) |
| Fixed | = 3.12.5 >= 4.3.4 | | CVE-2020-11076 | rubysec RUBYSEC:PUMA-2020-11076 | HTTP Smuggling via Transfer-Encoding Header in Puma | high | 2020-05-22T00:00:00 (4 years ago) |
| Affected | < 4.3.5 | | CVE-2020-11077 | rubysec RUBYSEC:PUMA-2020-11077 | HTTP Smuggling via Transfer-Encoding Header in Puma | medium | 2020-05-22T00:00:00 (4 years ago) |
| Fixed | = 3.12.6 >= 4.3.5 | | CVE-2020-11077 | rubysec RUBYSEC:PUMA-2020-11077 | HTTP Smuggling via Transfer-Encoding Header in Puma | medium | 2020-05-22T00:00:00 (4 years ago) |
| Affected | < 4.3.3 | | CVE-2019-16254, CVE-2020-5247 | rubysec RUBYSEC:PUMA-2020-5247 | HTTP Response Splitting vulnerability in puma | medium | 2020-02-27T00:00:00 (4 years ago) |
| Fixed | = 3.12.4 >= 4.3.3 | | CVE-2019-16254, CVE-2020-5247 | rubysec RUBYSEC:PUMA-2020-5247 | HTTP Response Splitting vulnerability in puma | medium | 2020-02-27T00:00:00 (4 years ago) |
| Affected | < 4.3.3 | | CVE-2020-5247, CVE-2020-5249 | rubysec RUBYSEC:PUMA-2020-5249 | HTTP Response Splitting (Early Hints) in Puma | medium | 2020-03-03T00:00:00 (4 years ago) |
| Fixed | = 3.12.4 >= 4.3.3 | | CVE-2020-5247, CVE-2020-5249 | rubysec RUBYSEC:PUMA-2020-5249 | HTTP Response Splitting (Early Hints) in Puma | medium | 2020-03-03T00:00:00 (4 years ago) |
| Affected | < 5.3.1 | | CVE-2019-16770, CVE-2021-29509 | rubysec RUBYSEC:PUMA-2021-29509 | Keepalive Connections Causing Denial Of Service in puma | high | 2021-05-11T00:00:00 (3 years ago) |
| Fixed | = 4.3.8 >= 5.3.1 | | CVE-2019-16770, CVE-2021-29509 | rubysec RUBYSEC:PUMA-2021-29509 | Keepalive Connections Causing Denial Of Service in puma | high | 2021-05-11T00:00:00 (3 years ago) |
| Affected | < 5.5.1 | | CVE-2021-41136 | rubysec RUBYSEC:PUMA-2021-41136 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma | low | 2021-10-12T00:00:00 (2 years ago) |
| Fixed | = 4.3.9 >= 5.5.1 | | CVE-2021-41136 | rubysec RUBYSEC:PUMA-2021-41136 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma | low | 2021-10-12T00:00:00 (2 years ago) |
| Affected | < 5.6.2 | | CVE-2022-23633, CVE-2022-23634 | rubysec RUBYSEC:PUMA-2022-23634 | Information Exposure with Puma when used with Rails | high | 2022-02-11T00:00:00 (2 years ago) |
| Fixed | = 4.3.11 >= 5.6.2 | | CVE-2022-23633, CVE-2022-23634 | rubysec RUBYSEC:PUMA-2022-23634 | Information Exposure with Puma when used with Rails | high | 2022-02-11T00:00:00 (2 years ago) |
| Affected | < 5.6.4 | | CVE-2022-24790 | rubysec RUBYSEC:PUMA-2022-24790 | HTTP Request Smuggling in puma | critical | 2022-03-30T00:00:00 (2 years ago) |
| Fixed | = 4.3.12 >= 5.6.4 | | CVE-2022-24790 | rubysec RUBYSEC:PUMA-2022-24790 | HTTP Request Smuggling in puma | critical | 2022-03-30T00:00:00 (2 years ago) |
| Affected | < 6.3.1 | | CVE-2023-40175 | rubysec RUBYSEC:PUMA-2023-40175 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma | medium | 2023-08-18T00:00:00 (13 months ago) |
| Fixed | = 5.6.7 >= 6.3.1 | | CVE-2023-40175 | rubysec RUBYSEC:PUMA-2023-40175 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma | medium | 2023-08-18T00:00:00 (13 months ago) |
| Affected | < 6.4.2 | | CVE-2024-21647 | rubysec RUBYSEC:PUMA-2024-21647 | Puma HTTP Request/Response Smuggling vulnerability | medium | 2024-01-08T00:00:00 (8 months ago) |
| Fixed | = 5.6.8 >= 6.4.2 | | CVE-2024-21647 | rubysec RUBYSEC:PUMA-2024-21647 | Puma HTTP Request/Response Smuggling vulnerability | medium | 2024-01-08T00:00:00 (8 months ago) |