The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma is related to deficiencies in the processing of HTTP requests containing the Content-Length header. Exploiting this vulnerability allows a malicious actor to send hidden HTTP requests a type of HTTP Request Smuggling...