26 matches found
EUVD-2024-0323
Malicious code in bioql PyPI...
EUVD-2022-1175
Malicious code in bioql PyPI...
EUVD-2024-2761
Malicious code in bioql PyPI...
EUVD-2023-2224
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-23634
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version...
Linux Distros Unpatched Vulnerability : CVE-2023-40175
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encodin...
Linux Distros Unpatched Vulnerability : CVE-2024-21647
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer...
OESA-2024-2259 rubygem-puma security update
A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request...
CVE-2024-45614 Header normalization allows for client to clobber proxy set headers in Puma
Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies such as X-Forwarded-For by providing an underscore version of the same header X-ForwardedFor. Any users relying on proxy set variables are affected. v6.4.3/v5.6.9 now...
SUSE CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
DEBIAN-CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
UBUNTU-CVE-2024-21647
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
CVE-2024-21647 HTTP Request/Response Smuggling in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
CVE-2024-21647 HTTP Request/Response Smuggling in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an...
Puma Environmental Issues Vulnerability
Puma is a web server for highly concurrent applications from the US-based individual developer Evan Phoenix. An environmental issue vulnerability exists in versions prior to Puma 6.4.2, which stems from a security flaw in puma's parsing of chunked transfer encoders, which allows HTTP requests to ...
UBUNTU-CVE-2023-40175
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent ...
Puma Environmental Issues Vulnerability
Puma is a web server for highly concurrent applications by Evan Phoenix, an individual developer in the United States. An environmental issue vulnerability exists in Puma that stems from a security issue when parsing trailing fields and zero-length Content-Length headers in the body of the chunke...
[SECURITY] [DLA 3023-1] puma security update
Debian LTS Advisory DLA-3023-1 https://www.debian.org/lts/security/ Markus Koschany May 26, 2022 https://wiki.debian.org/LTS Package : puma Version : 3.6.0-1+deb9u2 CVE ID : CVE-2019-16770 CVE-2020-5247 CVE-2022-23634 Debian Bug : 946312 952766 1005391 Several security...
Puma Environmental Issues Vulnerability
Puma is a web server for highly concurrent applications from Evan Phoenix, an individual developer in the United States. Puma suffers from an environmental issue vulnerability that stems from the fact that when Puma is used behind a proxy that does not properly validate that incoming HTTP request...
CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its CurrentAttributes implementation to work correctly. The combination ...