AVG-2764 log

Package ruby-puma
Status Unknown
Severity High
Type unknown
Affected 5.6.3-1
Fixed 5.6.4-1
Current 5.6.5-2 [community]
Ticket None
Created Wed Jun 15 18:43:21 2022
Issue Severity Remote Type Description
CVE-2022-24790 Unknown Yes Unknown
Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on...
CVE-2022-23634 High Yes Unknown
puma may not always call close on the response body. Rails, prior to version, depended on the response body being closed in order for its...
CVE-2021-41136 Low Yes Unknown
Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which...