pkg:Debian/puma

All known vulnerabilities

• CRITICAL9.8CVE-2023-40175Puma HTTP Request/Response Smuggling vulnerability
  from 0
• CRITICAL9.1CVE-2022-24790Puma vulnerable to HTTP Request Smuggling
  from 0, < 4.3.8-1+deb11u2
• HIGH8.0CVE-2022-23634Puma used with Rails may lead to Information Exposure
  from 0, < 4.3.8-1+deb11u2
• HIGH7.5CVE-2021-29509Puma's Keepalive Connections Causing Denial Of Service
  from 0, < 4.3.8-1
• HIGH7.5CVE-2021-29509Puma's Keepalive Connections Causing Denial Of Service
  from 0, < 3.12.0-2+deb10u3
• HIGH7.5CVE-2020-11076HTTP Smuggling via Transfer-Encoding Header in Puma
  from 0, < 4.3.6-1
• HIGH7.5CVE-2020-11076HTTP Smuggling via Transfer-Encoding Header in Puma
  from 0, < 3.6.0-1+deb9u1
• MEDIUM6.8CVE-2020-11077HTTP Smuggling via Transfer-Encoding Header in Puma
  from 0, < 4.3.6-1
• MEDIUM6.5CVE-2020-5249HTTP Response Splitting (Early Hints) in Puma
  from 0, < 3.12.4-1
• MEDIUM6.5CVE-2020-5247HTTP Response Splitting in Puma
  from 0, < 3.12.4-1
• MEDIUM5.9CVE-2024-21647puma - security update
  from 0, < 4.3.8-1+deb11u3
• MEDIUM5.9CVE-2024-21647puma - security update
  from 0, < 4.3.8-1+deb11u3
• MEDIUM5.4CVE-2024-45614Puma's header normalization allows for client to clobber proxy set headers
  from 0, < 4.3.8-1+deb11u3
• MEDIUM5.3CVE-2019-16770A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
  from 0, < 3.12.0-4
• MEDIUM5.3CVE-2019-16770A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
  from 0, < 3.6.0-1+deb9u2
• LOW3.7CVE-2021-41136Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
  from 0, < 4.3.8-1+deb11u2
• LOW3.7CVE-2021-41136Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
  from 0, < 4.3.8-1+deb11u2