ruby-puma
| Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
| Description | A Ruby/Rack web server built for concurrency |
| Version | 5.6.5-2 [extra] |
Open
| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2764 | 5.6.3-1 | 5.6.4-1 | High | Unknown |
| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2022-24790 | AVG-2764 | Unknown | Yes | Unknown | Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on... |
| CVE-2022-23634 | AVG-2764 | High | Yes | Unknown | puma may not always call close on the response body. Rails, prior to version 7.0.2.2, depended on the response body being closed in order for its... |
| CVE-2021-41136 | AVG-2764 | Low | Yes | Unknown | Using puma with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. Puma is only aware of a single proxy server which... |