Lucene search

Veracode Vulnerability DatabaseVERACODE:42888

HistoryAug 22, 2023 - 2:17 p.m.

HTTP Request Smuggling

2023-08-2214:17:09

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

puma

vulnerability

http request smuggling

zero-length content-length

chunked transfer encoding

0.003 Low

EPSS

Percentile

64.9%

JSON

puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length content-Length headers and chunked transfer encoding bodies in client.rb, allowing an attacker to smuggle HTTP requests.

CPENameOperatorVersion
pumale5.6.6
pumale6.3.0
pumale5.6.6
pumale6.3.0
puma:sideq4.3.6-1
puma:sideq4.3.6-1+b1

Name	Operator	Version
puma	le	5.6.6
puma	le	6.3.0
puma	le	5.6.6
puma	le	6.3.0
puma:sid	eq	4.3.6-1
puma:sid	eq	4.3.6-1+b1

References

github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a

github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662

github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1

github.com/puma/puma/releases/tag/v5.6.7

github.com/puma/puma/releases/tag/v6.3.1

github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8

github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml

0.003 Low

EPSS

Percentile

64.9%

JSON

Related for VERACODE:42888