A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack

🗓️ 05 Dec 2019 19:37:26Reported by GitHub Advisory DatabaseType

Poorly-behaved client using keepalive requests to monopolize Puma's reactor for Denial of Service attac

Reporter	Title	Published	Views	Family All 50
RubySec	Keepalive thread overload/DoS in puma	4 Dec 201921:00	–	rubygems
RubySec	Keepalive Connections Causing Denial Of Service in puma	10 May 202121:00	–	rubygems
NVD	CVE-2019-16770	5 Dec 201920:15	–	nvd
NVD	CVE-2021-29509	11 May 202117:15	–	nvd
Cvelist	CVE-2019-16770 Potential DOS attack in Puma	5 Dec 201919:35	–	cvelist
Cvelist	CVE-2021-29509 Keepalive Connections Causing Denial Of Service in puma	11 May 202116:50	–	cvelist
Prion	Spoofing	5 Dec 201920:15	–	prion
Prion	Design/Logic Flaw	11 May 202117:15	–	prion
UbuntuCve	CVE-2019-16770	5 Dec 201900:00	–	ubuntucve
OSV	A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack	5 Dec 201919:26	–	osv

Vulners

Node

puma pumaRange4.0.0–4.3.1

puma pumaRange<3.12.2

Source	Link
github	www.github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-16770
github	www.github.com/advisories/GHSA-7xx3-m584-x994
lists	www.lists.debian.org/debian-lts-announce/2022/05/msg00034.html
github	www.github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2019-16770.yml

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

05 Dec 2019 19:26Current

2.5Low risk

Vulners AI Score2.5

CVSS25

CVSS35.3 - 7.5

EPSS0.0008

CWE-770