Description: A Ruby/Rack web server built for concurrency
Version: 5.6.5-2 [community]


Group | Affected | Fixed | Severity | Status | Ticket
AVG-2764 | 5.6.3-1 | 5.6.4-1 | High | Unknown |
Issue | Group | Severity | Remote | Type | Description
CVE-2022-24790 | AVG-2764 | Unknown | Yes | Unknown | When Puma is used behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on...
CVE-2022-23634 | AVG-2764 | High | Yes | Unknown | puma may not always call close on the response body. Rails, prior to version, depended on the response body being closed in order for its...
CVE-2021-41136 | AVG-2764 | Low | Yes | Unknown | Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which...