Astra Linux - уязвимость в puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to versions 6.3.1 and 5.6.7, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers, which could allow HTTP request smuggling. The severity of this issue depends heavily ...

Astra Linux - уязвимость в puma

Puma is a Ruby/Rack web server designed for parallelism. Prior to version 5.6.2 of Puma, Puma might not always call close on the response body. Before version 7.0.2.2 of Rails, Rails relied on the response body being closed in order for its CurrentAttributes implementation to work correctly. The...

Astra Linux - уязвимость в puma

Puma is a web server for Ruby/Rack applications designed for parallelism. Prior to version 6.4.2, Puma exhibited incorrect behavior when parsing chunked transfer encoding bodies, which allowed HTTP request smuggling. The fixed versions limit the size of chunk extensions. Without this limitation,...

Astra Linux - уязвимость в puma

Puma is a Ruby/Rack web server designed for parallelism. In affected versions, clients could manipulate values set by intermediate proxies such as X-Forwarded-For by providing a version of the header with an underscore . Any users who rely on proxy-defined headers are affected. Versions...

Astra Linux - уязвимость в puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. Before versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send a...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017658 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that...

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017528)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017528 advisory. In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If th...

Astra Linux - уязвимость в puma

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP requests comply with the RFC7230 standard, Puma and the frontend proxy may disagree about where the requests start and...

Astra Linux - уязвимость в puma

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same...

EUVD-2019-0786

Malware in sbrugna...

EUVD-2020-0295

Malware in sbrugna...

EUVD-2020-0445

Malware in sbrugna...

EUVD-2020-0325

Malware in sbrugna...

Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)

Summary There is a potential HTTP request smuggling in Puma that affect Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-45614 DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...

HTTP Header Injection

puma is vulnerable to HTTP Header Injection. The vulnerability is due to inadequate validation and prioritization of HTTP headers, where Puma does not properly distinguish between standard headers and those with underscores, allowing conflicting headers to coexist without proper handling...

USN-7031-2 puma vulnerability

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite heade...

USN-7031-2: Puma vulnerability

USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite heade...

USN-7031-1: Puma vulnerability

It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to overwrite header values set by intermediate proxies by providing duplicate headers containing underscore characters...

Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerability (USN-7031-2)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7031-2 advisory. USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS. This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS. Tenable has extract...

SUSE CVE-2024-45614

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing a underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables is affected. v6.4.3/v5.6.9 now...