ruby-puma

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A Ruby/Rack web server built for concurrency
Version 5.6.4-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2764 5.6.3-1 5.6.4-1 High Unknown
Issue Group Severity Remote Type Description
CVE-2022-24790 AVG-2764 Unknown Yes Unknown
Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on...
CVE-2022-23634 AVG-2764 High Yes Unknown
puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its...
CVE-2021-41136 AVG-2764 Low Yes Unknown
Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which...