ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11076) It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11077) Jean Boussier discovered that Puma might not always release resources properly after handling HTTP requests. A remote attacker could possibly use this issue to read sensitive information. (CVE-2022-23634) It was discovered that Puma incorrectly handled certain malformed headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-24790) Ben Kallus discovered that Puma incorrectly handled parsing certain headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-40175) Bartek Nowotarski discovered that Puma incorrectly handled parsing certain encoded content. A remote attacker could possibly use this to cause a denial of service. (CVE-2024-21647)
Continue reading...
Continue reading...
