Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 12 results


CVE-2024-45614

Medium priority
Fixed

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For)....

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Fixed Fixed Fixed
Show less packages

CVE-2024-21647

Medium priority
Fixed

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Fixed Fixed Ignored Ignored
Show less packages

CVE-2023-40175

Medium priority
Fixed

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Fixed Fixed Fixed Ignored Ignored
Show less packages

CVE-2022-24790

Medium priority

Some fixes available 2 of 4

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Fixed Fixed Ignored
Show less packages

CVE-2022-23634

Medium priority

Some fixes available 2 of 4

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Fixed Fixed Ignored
Show less packages

CVE-2021-41136

Medium priority
Ignored

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Not affected Ignored
Show less packages

CVE-2021-29509

Medium priority
Ignored

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Not affected Not in release Ignored
Show less packages

CVE-2020-11077

Medium priority

Some fixes available 1 of 5

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Not affected Fixed Not in release Not in release
Show less packages

CVE-2020-11076

Medium priority

Some fixes available 1 of 5

In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Not affected Fixed Not in release Not in release
Show less packages

CVE-2020-5249

Medium priority
Ignored

In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as...

1 affected packages

puma

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
puma Not affected Not in release Not in release
Show less packages