Search CVE reports


Toggle filters

11 – 14 of 14 results


CVE-2020-11076

Medium priority

Some fixes available 1 of 5

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Fixed Not in release
Show less packages

CVE-2020-5249

Medium priority
Ignored

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not in release
Show less packages

CVE-2020-5247

Medium priority
Ignored

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to end the header and inject...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not in release
Show less packages

CVE-2019-16770

Medium priority
Ignored

In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not in release
Show less packages