VYPR

rpm package

opensuse/rubygem-puma&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-puma&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2024-45614Sep 19, 2024
    affected < 6.4.3-1.1fixed 6.4.3-1.1

    Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affect

  • CVE-2022-23634Feb 11, 2022
    affected < 5.6.2-1.1fixed 5.6.2-1.1

    Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor

  • CVE-2020-11076May 22, 2020
    affected < 5.6.2-1.1fixed 5.6.2-1.1

    In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

  • CVE-2019-16770Dec 5, 2019
    affected < 5.6.2-1.1fixed 5.6.2-1.1

    In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p