
5 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 6 views

Astra Linux - vulnerability in puma

Puma is an HTTP 1.1 server for Ruby/Rack applications. Before versions 5.5.1 and 4.3.9, using “puma” with a proxy that forwards HTTP header values containing the LF character could lead to HTTP request smuggling. A client could secretly send a request through a proxy, causing the proxy to send a...

CVSS 3.7 · AI score 6.7 · EPSS 0.00288
Exploits 0 · References 1
Tenable Nessus
added 2026/05/11 12:0 a.m. · 4 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-puma (UTSA-2026-017658)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017658 advisory. Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that...

CVSS 7.5 · AI score 6.6 · EPSS 0.01587
Exploits 0 · References 4
OSV
added 2023/12/29 11:6 a.m. · 2 views

OESA-2023-1983 rubygem-puma security update

A simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Security Fixes: Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards HTTP header values which contain the LF character could allow...

CVSS 3.7 · AI score 6.9 · EPSS 0.00288
Exploits 0 · References 2
SUSE CVE
added 2023/02/15 4:3 a.m. · 1 views

SUSE CVE-2020-5249

In Puma RubyGem before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. This vulnerability is...

CVSS 6.5 · AI score 6.3 · EPSS 0.00498
Exploits 0 · References 8
Positive Technologies
added 2022/02/11 12:0 a.m. · 2 views

PT-2022-16147 · Puma +6 · Puma +8

Name of the Vulnerable Software and Affected Versions: Rails versions prior to 7.0.2.2; Rails versions prior to 6.1.4.6; Rails versions prior to 6.0.4.6; Rails versions prior to 5.2.6.2; Puma versions prior to 5.6.2; Puma versions prior to 4.3.11. Description: Action Pack is a framework for handling an...

CVSS 9.8 · AI score 6.2 · EPSS 0.28611
Exploits 11 · References 593