
4 matches found

OSV
added 2026/03/13 12:0 a.m., 2 views

OPENSUSE-SU-2026:10357-1 ruby4.0-rubygem-puma-6.4.3-1.5 on GA media

These are all security issues fixed in the ruby4.0-rubygem-puma-6.4.3-1.5 package on the GA media of openSUSE Tumbleweed...

CVSS: 8, AI score: 5.8, EPSS: 0.03977
Exploits: 0, References: 4
RedHat Linux
added 2024/04/23 5:18 p.m., 2 views

rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies

A flaw was found in Puma rubygem. Versions prior to 6.4.2 are susceptible to an HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00958
Exploits: 0, References: 5
OSV
added 2021/05/06 11:2 a.m., 2 views

OESA-2021-1169 rubygem-puma security update

Security Fixes: In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. (CVE-2020-11076) In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request...

CVSS: 7.5, AI score: 7, EPSS: 0.03977
Exploits: 0, References: 3
OSV
added 2020/03/02 4:15 p.m., 1 view

UBUNTU-CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

CVSS: 6.5, AI score: 6.9, EPSS: 0.01571
Exploits: 0, References: 6