4 matches found
EUVD-2021-2154
Malware in sbrugna...
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6682-1 advisory. ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTT...
CVE-2024-21647 HTTP Request/Response Smuggling in puma
Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an...
Debian DLA-2398-1 : puma security update
Several security vulnerabilities have been discovered in puma, highly concurrent HTTP server for Ruby/Rack applications. CVE-2020-11076 By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response. CVE-2020-11077 client could smuggle a request through a proxy, causing...