pkg:RubyGems/puma

12 total CVEs: CRITICAL 2, HIGH 3, MEDIUM 6, LOW 1

All known vulnerabilities

  • CRITICAL 9.8 CVE-2023-40175: Puma HTTP Request/Response Smuggling vulnerability
    from 0, < 5.6.7
  • CRITICAL 9.1 CVE-2022-24790: Puma vulnerable to HTTP Request Smuggling
    >= 5.0.0, < 5.6.4
  • HIGH 8.0 CVE-2022-23634: Puma used with Rails may lead to Information Exposure
    >= 5.0.0, < 5.6.2
  • HIGH 7.5 CVE-2021-29509: Puma's Keepalive Connections Causing Denial Of Service
    from 0, < 4.3.8
  • HIGH 7.5 CVE-2020-11076: HTTP Smuggling via Transfer-Encoding Header in Puma
    from 0, < 3.12.5
  • MEDIUM 6.8 CVE-2020-11077: HTTP Smuggling via Transfer-Encoding Header in Puma
    from 0, < 3.12.6
  • MEDIUM 6.5 CVE-2020-5249: HTTP Response Splitting (Early Hints) in Puma
    from 0, < 3.12.4
  • MEDIUM 6.5 CVE-2020-5247: HTTP Response Splitting in Puma
    from 0, < 3.12.4
  • MEDIUM 5.9 CVE-2024-21647: puma - security update
    >= 6.0.0, < 6.4.2
  • MEDIUM 5.4 CVE-2024-45614: Puma's header normalization allows for client to clobber proxy set headers
    from 0, < 5.6.9
  • MEDIUM 5.3 CVE-2019-16770: A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
    from 0, < 3.12.2
  • LOW 3.7 CVE-2021-41136: Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
    >= 5.0.0, < 5.5.1