CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

Puma is vulnerable to information disclosure. Because Puma does not close the response body, remote attackers can gain access to sensitive information: the library depends on the response body being closed in order for its CurrentAttributes implementation to work correctly.
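
The dependency described above, as an added example that is not Puma or Rails code: a constructed model in which per-request state is reset only when the server calls `close` on the response body. `Current`, `ResettingBody`, `APP` and both server loops are hypothetical names, and the two requests are constructed input.

```ruby
# Constructed model (not Puma or Rails code). Current stands in for
# per-request attributes kept in thread-local storage.
module Current
  def self.user
    Thread.current[:demo_user]
  end

  def self.user=(value)
    Thread.current[:demo_user] = value
  end

  def self.reset
    Thread.current[:demo_user] = nil
  end
end

# Response body whose close hook performs the per-request cleanup.
class ResettingBody
  def initialize(parts); @parts = parts; end
  def each(&block); @parts.each(&block); end
  def close; Current.reset; end
end

# Hypothetical app: only authenticated requests assign Current.user.
APP = lambda do |env|
  Current.user = env["user"] if env["user"]
  [200, {}, ResettingBody.new(["hello #{Current.user || 'anonymous'}"])]
end

# Server loop that writes the body and never calls close on it.
def serve_without_close(env)
  _status, _headers, body = APP.call(env)
  out = []
  body.each { |chunk| out << chunk }
  out.join
end

# Server loop that closes the body in ensure, even if writing raises.
def serve_with_close(env)
  _status, _headers, body = APP.call(env)
  out = []
  body.each { |chunk| out << chunk }
  out.join
ensure
  body.close if body.respond_to?(:close)
end

# Two requests handled back to back on one worker thread (constructed input).
def two_requests(server)
  Current.reset
  [send(server, { "user" => "alice" }), send(server, {})]
end
```

With `serve_without_close`, the second, unauthenticated request is answered with the first request's user because the thread-local state survives; with `serve_with_close` it is answered as anonymous.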
github.com/advisories/GHSA-rmj8-8hhh-gv5h
github.com/advisories/GHSA-wh98-p28r-vrc9
github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
github.com/puma/puma/pull/2809
github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
lists.debian.org/debian-lts-announce/2022/05/msg00034.html
lists.debian.org/debian-lts-announce/2022/08/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
lists.fedoraproject.org/archives/list/[email protected]/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
lists.fedoraproject.org/archives/list/[email protected]/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
security.gentoo.org/glsa/202208-28
www.debian.org/security/2022/dsa-5146