2 matches found
PT-2026-47626
Name of the Vulnerable Software and Affected Versions Puma versions 5.5.0 through 7.2.0 Puma versions 8.0.0 through 8.0.1 Description Puma is susceptible to source IP spoofing when persistent connections are used and the set remote address proxy protocol: :v1 configuration is enabled. The issue...
Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...