4 matches found
OPENSUSE-SU-2026:10357-1 ruby4.0-rubygem-puma-6.4.3-1.5 on GA media
These are all security issues fixed in the ruby4.0-rubygem-puma-6.4.3-1.5 package on the GA media of openSUSE Tumbleweed...
rubygem-puma: HTTP request smuggling when parsing chunked Transfer-Encoding Bodies
A flaw was found in Puma rubygem. Versions prior 6.4.2 are susceptible to a HTTP smuggling attack when parsing chunked transfer encoding bodies on HTTP messages, which don't limit the size of the message chunk extensions. This issue may lead to uncontrolled resource consumption, possibly resultin...
OESA-2021-1169 rubygem-puma security update
Security Fixes: In Puma RubyGem before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.CVE-2020-11076 In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request...
UBUNTU-CVE-2020-5249
In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...