Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

rubygems

puma

rubygems

Puma is a simple, fast, multi-threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as JRuby and TruffleRuby as well as as providing process worker support to support CRuby well.

View on github.com · View on rubygems.org

Security Advisories for puma in rubygems

Moderate
about 1 year ago

Puma's header normalization allows for client to clobber proxy set headers GSA_kwCzR0hTQS05aGY0LTY3ZmMtNHZmNM4AA_tB

rubygems puma
Moderate
almost 2 years ago

Puma HTTP Request/Response Smuggling vulnerability GSA_kwCzR0hTQS1jMmY0LWN2cW0tNjV3Ms4AA4Qh

rubygems puma
Critical
about 2 years ago

Puma HTTP Request/Response Smuggling vulnerability GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw

rubygems puma
Critical
over 3 years ago

Puma vulnerable to HTTP Request Smuggling GSA_kwCzR0hTQS1oOTl3LTlxNXItZ2pxOc028Q

rubygems puma
High
over 3 years ago

Puma used with Rails may lead to Information Exposure GSA_kwCzR0hTQS1ybWo4LThoaGgtZ3Y1aM0rDw

rubygems puma
Low
about 4 years ago

Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling GSA_kwCzR0hTQS00OHcyLXJtNjUtNjJ4eM0Whw

rubygems puma
High
over 4 years ago

Puma's Keepalive Connections Causing Denial Of Service MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyOG0tOHhqdy04dnI1

rubygems puma
Moderate
over 5 years ago

HTTP Smuggling via Transfer-Encoding Header in Puma MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NHctcXFwaC01Z3ht

rubygems puma
High
over 5 years ago

HTTP Smuggling via Transfer-Encoding Header in Puma MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3amctNnB3Zy1meDVo

rubygems puma
Moderate
over 5 years ago

HTTP Response Splitting (Early Hints) in Puma MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzdmYtNHhnZy05cjU4

rubygems puma
Moderate
over 5 years ago

HTTP Response Splitting in Puma MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0ajctNDc1cC1ocDh2

rubygems puma
Moderate
almost 6 years ago

A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4eDMtbTU4NC14OTk0

rubygems puma

Filter by Severity

Moderate 6 High 3 Critical 2 Low 1