AVG-2764 log
| Package | ruby-puma |
| Status | Unknown |
| Severity | High |
| Type | unknown |
| Affected | 5.6.3-1 |
| Fixed | 5.6.4-1 |
| Current | 6.4.2-3 [extra] |
| Ticket | None |
| Created | Wed Jun 15 18:43:21 2022 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2022-24790 | Unknown | Yes | Unknown | Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on... |
| CVE-2022-23634 | High | Yes | Unknown | puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its... |
| CVE-2021-41136 | Low | Yes | Unknown | Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which... |