rpm package
suse/rubygem-puma&distro=SUSE Linux Enterprise High Availability Extension 15 SP5
pkg:rpm/suse/rubygem-puma&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-45614 | Med | 5.4 | < 4.3.12-150000.3.15.1 | 4.3.12-150000.3.15.1 | Sep 19, 2024 | Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affect | |
| CVE-2024-21647 | Med | 5.9 | < 4.3.12-150000.3.15.1 | 4.3.12-150000.3.15.1 | Jan 8, 2024 | Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without | |
| CVE-2023-40175 | Hig | 7.3 | < 4.3.12-150000.3.12.1 | 4.3.12-150000.3.12.1 | Aug 18, 2023 | Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is |
- affected < 4.3.12-150000.3.15.1fixed 4.3.12-150000.3.15.1
Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For). Any users relying on proxy set variables is affect
- affected < 4.3.12-150000.3.15.1fixed 4.3.12-150000.3.15.1
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without
- affected < 4.3.12-150000.3.12.1fixed 4.3.12-150000.3.12.1
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is