Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntuUbuntuUSN-6682-1
HistoryMar 07, 2024 - 12:00 a.m.

Puma vulnerabilities

2024-03-0700:00:00
ubuntu.com
13
puma
vulnerabilities
ubuntu
http request smuggling
resource leakage
cve-2020-11076
cve-2020-11077
cve-2022-23634
cve-2022-24790
cve-2023-40175
cve-2024-21647

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON

Releases

  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS

Packages

  • puma - threaded HTTP 1.1 server for Ruby/Rack applications

Details

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)

Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)

It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)

Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)

Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)

OSVersionArchitecturePackageVersionFilename
Ubuntu22.04noarchpuma< 5.5.2-2ubuntu2+esm1UNKNOWN
Ubuntu22.04noarchpuma< 5.5.2-2ubuntu2UNKNOWN
Ubuntu22.04noarchpuma-dbgsym< 5.5.2-2ubuntu2UNKNOWN
Ubuntu20.04noarchpuma< 3.12.4-1ubuntu2+esm1UNKNOWN
Ubuntu20.04noarchpuma< 3.12.4-1ubuntu2UNKNOWN
Ubuntu20.04noarchpuma-dbgsym< 3.12.4-1ubuntu2UNKNOWN

Related

nessus 22
openvas 20
osv 21
ubuntucve 6
prion 6
fedora 4
debian 4
debiancve 6
suse 6
cve 6
redhatcve 6
ubuntu 2
cgr 1
gentoo 1
veracode 6
github 6
wolfi 1
cnvd 1
redhat 5
ibm 2
rocky 1
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
2024-03-07 00:00:00
openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)
2020-07-20 00:00:00
Debian DLA-2398-1 : puma security update
2020-10-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6682-1)
2024-03-08 00:00:00
Debian: Security Advisory (DLA-2398-1)
2020-10-08 00:00:00
Fedora: Security Advisory for rubygem-puma (FEDORA-2022-de968d1b6c)
2022-09-08 00:00:00
osv
osv
puma vulnerabilities
2024-03-07 14:00:06
puma - security update
2020-10-07 00:00:00
CVE-2020-11077
2020-05-22 15:15:11
ubuntucve
ubuntucve
CVE-2022-24790
2022-03-30 00:00:00
CVE-2020-11077
2020-05-22 00:00:00
CVE-2024-21647
2024-01-08 00:00:00
prion
prion
Cross site request forgery (csrf)
2020-05-22 15:15:00
Design/Logic Flaw
2024-01-08 14:15:00
Design/Logic Flaw
2023-08-18 22:15:00
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33
2020-09-25 17:18:05
[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35
2022-09-07 09:56:59
[SECURITY] Fedora 36 Update: rubygem-puma-5.5.2-3.fc36
2022-09-07 10:44:36
debian
debian
[SECURITY] [DLA 2398-1] puma security update
2020-10-07 11:06:30
[SECURITY] [DSA 5146-1] puma security update
2022-05-24 17:49:53
[SECURITY] [DLA 3083-1] puma security update
2022-08-27 19:07:44
debiancve
debiancve
CVE-2020-11077
2020-05-22 15:15:00
CVE-2024-21647
2024-01-08 14:15:47
CVE-2020-11076
2020-05-22 15:15:00
suse
suse
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (important)
2022-10-13 00:00:00
cve
cve
CVE-2020-11077
2020-05-22 15:15:00
CVE-2024-21647
2024-01-08 14:15:47
CVE-2023-40175
2023-08-18 22:15:11
redhatcve
redhatcve
CVE-2020-11077
2020-06-01 13:51:44
CVE-2024-21647
2024-01-08 22:34:31
CVE-2020-11076
2020-06-01 13:51:44
ubuntu
ubuntu
Puma vulnerability
2024-01-25 00:00:00
Puma vulnerability
2023-09-27 00:00:00
cgr
cgr
CVE-2024-21647 vulnerabilities
2024-04-27 03:20:18
gentoo
gentoo
Puma: Multiple Vulnerabilities
2022-08-14 00:00:00
veracode
veracode
HTTP Request Smuggling
2024-01-09 07:22:47
HTTP Request Smuggling
2020-05-26 05:32:59
HTTP Request Smuggling
2022-03-31 04:16:15
github
github
Puma HTTP Request/Response Smuggling vulnerability
2024-01-08 15:56:48
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:09
Puma vulnerable to HTTP Request Smuggling
2022-03-30 21:48:50
wolfi
wolfi
CVE-2024-21647 vulnerabilities
2024-04-27 03:16:47
cnvd
cnvd
Puma Information Breach Vulnerability
2022-02-15 00:00:00
redhat
redhat
(RHSA-2022:8532) Important: Satellite 6.9.10 Async Security Update
2022-11-17 17:13:35
(RHSA-2023:1486) Important: Red Hat Gluster Storage web-admin-build security update
2023-03-28 00:06:18
(RHSA-2024:0797) Important: Satellite 6.14.2 Async Security Update
2024-02-13 14:38:17
ibm
ibm
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.
2024-03-15 13:50:03
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.4%

JSON
Related for USN-6682-1
nessus22openvas20osv21ubuntucve6prion6fedora4debian4debiancve6suse6cve6redhatcve6ubuntu2cgr1gentoo1veracode6github6wolfi1cnvd1redhat5ibm2rocky1