PT-2026-47625

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "r " to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

EUVD-2021-2154

Malware in sbrugna...

EUVD-2021-1158

Malware in sbrugna...

EUVD-2022-1439

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-24790

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that...

OESA-2024-2250 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request...

OESA-2024-2251 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...

OESA-2024-2249 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version...

The vulnerability of HTTP servers for Ruby/Rack applications developed with Puma allows attackers to access confidential information.

The vulnerability of HTTP servers for Ruby/Rack applications developed by Puma relates to the exposure of confidential information to unauthorized individuals. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...

HTTP Request Smuggling

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

Design/Logic Flaw

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...

HTTP Request Smuggling

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

OESA-2024-1005 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the...

OESA-2024-1002 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the...

GHSA-3PX7-JM2P-6H2C encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact The length of URIs and the various parts eg path segments, query parameters is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are : - path segment length: 8192 - Max URI length: 1024 12 - Max query length: 1024 10 See...

encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs

Impact The length of URIs and the various parts eg path segments, query parameters is usually limited by the webserver processing the incoming request. In the case of Puma the defaults are : - path segment length: 8192 - Max URI length: 1024 12 - Max query length: 1024 10 See...

HTTP Request Smuggling

Overview puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby as well as as providing process...

SUSE CVE-2021-29509

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

SUSE CVE-2022-24790

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. Thi...