rubygem-puma (SUSE:Linux Enterprise High Availability Extension 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Availability Extension 15 package rubygem-puma, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2022-24790 — CVSS 9.1 (critical): Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not…
CVE-2022-23634 — CVSS 8.0 (high): Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response…
CVE-2020-11076 — CVSS 7.5 (high): In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The…
CVE-2021-29509 — CVSS 7.5 (high): Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected…
CVE-2020-11077 — CVSS 6.8 (medium): In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to…
CVE-2021-41136 — CVSS 3.7 (low): Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP…