2.11.2

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-19	CVE-2024-45614	HTTP Request Smuggling vulnerability in Puma Puma is a Ruby/Rack web server built for parallelism. network high complexity puma CWE-444	5.4
2024-01-08	CVE-2024-21647	Unspecified vulnerability in Puma Puma is a web server for Ruby/Rack applications built for parallelism. network low complexity puma	7.5
2023-08-18	CVE-2023-40175	Unspecified vulnerability in Puma Puma is a Ruby/Rack web server built for parallelism. network low complexity puma critical	9.8
2022-03-30	CVE-2022-24790	Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. network low complexity puma debian fedoraproject	7.5
2022-02-11	CVE-2022-23634	Improper Resource Shutdown or Release vulnerability in multiple products Puma is a Ruby/Rack web server built for parallelism. network high complexity puma rubyonrails debian fedoraproject CWE-404	5.9
2021-10-12	CVE-2021-41136	Puma is a HTTP 1.1 server for Ruby/Rack applications. network high complexity puma debian	3.7
2021-05-11	CVE-2021-29509	Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. network low complexity puma debian	7.5
2020-03-02	CVE-2020-5249	Injection vulnerability in Puma In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject malicious content, such as additional headers or an entirely new response body. network low complexity puma CWE-74	6.5
2020-02-28	CVE-2020-5247	In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. network low complexity ruby-lang puma debian fedoraproject	7.5