VYPR
Moderate severityNVD Advisory· Published Dec 5, 2019· Updated Aug 5, 2024

Potential DOS attack in Puma

CVE-2019-16770

Description

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough. This vulnerability is patched in Puma 4.3.1 and 3.12.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
pumaRubyGems
< 3.12.23.12.2
pumaRubyGems
>= 4.0.0, < 4.3.14.3.1

Affected products

343

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.