VYPR
Vendor

Puma

Products
2
CVEs
3
Across products
3
Status
Private

Products

2

Recent CVEs

3
  • CVE-2026-47737higJun 9, 2026
    risk 0.38cvss epss 0.00

    ### Impact Puma is vulnerable to source IP spoofing when `set_remote_address proxy_protocol: :v1` is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. [Support was added to Puma in v5.5.0](https://github.com/puma/puma/issues/2651).…

  • CVE-2026-47736higJun 8, 2026
    risk 0.38cvss epss 0.00

    ### Impact [PROXY protocol support for Puma](https://github.com/puma/puma/issues/2651) was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present.…

  • CVE-2017-8943MedMay 15, 2017
    risk 0.38cvss 5.9epss 0.01

    The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.