Count: 8
Vulnerability | CVSS | EPSS | Published
---|---|---|---
GHSA-h99w-9q5r-gjq9 Puma vulnerable to HTTP Request Smuggling | CVSS3: 9.1 | 0% Low | about 3 years ago
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. | CVSS3: 9.1 | 0% Low | about 3 years ago
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. | CVSS3: 7.5 | 0% Low | about 3 years ago
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard. | CVSS3: 9.1 | 0% Low | about 3 years ago
CVE-2022-24790 Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for R ... | CVSS3: 9.1 | 0% Low | about 3 years ago
SUSE-SU-2022:3571-1 Security update for rubygem-puma | | 0% Low | more than 2 years ago
BDU:2024-07776 Vulnerability in Puma, an HTTP server for Ruby/Rack applications, allowing an attacker to cause a denial of service | CVSS3: 9.1 | 0% Low | about 3 years ago
ROS-20241001-03 Multiple vulnerabilities in rubygem-puma | CVSS3: 9.8 | | 9 months ago