AVG-2764 log

Package ruby-puma
Status Unknown
Severity High
Type unknown
Affected 5.6.3-1
Fixed 5.6.4-1
Current 5.6.4-1 [community]
Ticket None
Created Wed Jun 15 18:43:21 2022
Issue Severity Remote Type Description
CVE-2022-24790 Unknown Yes Unknown
Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on...
CVE-2022-23634 High Yes Unknown
puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its...
CVE-2021-41136 Low Yes Unknown
Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which...