The Puma Ruby/Rack web server allows clients to clobber proxy-defined header values by sending an underscore version of the same header, potentially impacting user security. Upgrading to v6.4.3/v5.6.9 or configuring Nginx mitigates this issue.
Title | Published | Views | Family |
---|---|---|---|
CGA-2r2f-jcxj-hqjf | 18 Nov 2024 17:18 | – | osv |
CVE-2024-45614 | 19 Sep 2024 23:15 | – | osv |
CGA-7qjr-6v4f-v99j | 22 Sep 2024 14:21 | – | osv |
UBUNTU-CVE-2024-45614 | 20 Sep 2024 00:00 | – | osv |
Puma's header normalization allows for client to clobber proxy set headers | 20 Sep 2024 14:40 | – | osv |
ruby3.3-rubygem-puma-6.4.3-1.1 on GA media | 7 Nov 2024 00:00 | – | osv |
puma vulnerability | 24 Sep 2024 13:16 | – | osv |
puma vulnerability | 24 Sep 2024 15:04 | – | osv |
puma - security update | 6 Nov 2024 00:00 | – | osv |
Security update for rubygem-puma | 16 Oct 2024 06:55 | – | osv |
[
  {
    "vendor": "puma",
    "product": "puma",
    "versions": [
      {
        "version": ">= 6.0.0, < 6.4.3",
        "status": "affected"
      },
      {
        "version": "< 5.6.9",
        "status": "affected"
      }
    ]
  }
]