Vulnerabilities > Puma

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Affected products / CWE | Risk (CVSS score) |
|---|---|---|---|---|---|---|---|
| 2020-02-28 | CVE-2020-5247 | HTTP Response Splitting vulnerability in multiple products | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. | network | low complexity | ruby-lang, puma, debian, fedoraproject; CWE-113 | 7.5 |
| 2019-12-05 | CVE-2019-16770 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. | network | low complexity | puma, debian; CWE-770 | 7.5 |
| 2017-05-15 | CVE-2017-8943 | Improper Certificate Validation vulnerability in Puma Pumatrac 3.0.2 | The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | network | high complexity | puma; CWE-295 | 5.9 |