VYPR

rpm package

opensuse/rubygem-puma-4&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/rubygem-puma-4&distro=openSUSE%20Tumbleweed

Vulnerabilities (4)

  • CVE-2022-24790Mar 30, 2022
    affected < 4.3.12-1.1fixed 4.3.12-1.1

    Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta

  • CVE-2021-41136Oct 12, 2021
    affected < 4.3.10-1.1fixed 4.3.10-1.1

    Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the p

  • CVE-2020-11076May 22, 2020
    affected < 4.3.10-1.1fixed 4.3.10-1.1

    In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

  • CVE-2019-16770Dec 5, 2019
    affected < 4.3.10-1.1fixed 4.3.10-1.1

    In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait p