rpm package
opensuse/ruby3.2-rubygem-puma&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/ruby3.2-rubygem-puma&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-23634 | — | | | < 6.0.0-2.1 | 6.0.0-2.1 | Feb 11, 2022 | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor |
| CVE-2020-11076 | — | | | < 6.0.0-2.1 | 6.0.0-2.1 | May 22, 2020 | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. |
| CVE-2019-16770 | — | | | < 6.0.0-2.1 | 6.0.0-2.1 | Dec 5, 2019 | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p |