3.12.5

DATE	CVE	VULNERABILITY TITLE	RISK
2024-09-19	CVE-2024-45614	HTTP Request Smuggling vulnerability in Puma Puma is a Ruby/Rack web server built for parallelism. network high complexity puma CWE-444	5.4
2024-01-08	CVE-2024-21647	Unspecified vulnerability in Puma Puma is a web server for Ruby/Rack applications built for parallelism. network low complexity puma	7.5
2023-08-18	CVE-2023-40175	Unspecified vulnerability in Puma Puma is a Ruby/Rack web server built for parallelism. network low complexity puma critical	9.8
2022-03-30	CVE-2022-24790	Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. network low complexity puma debian fedoraproject	7.5
2022-02-11	CVE-2022-23634	Improper Resource Shutdown or Release vulnerability in multiple products Puma is a Ruby/Rack web server built for parallelism. network high complexity puma rubyonrails debian fedoraproject CWE-404	5.9
2021-10-12	CVE-2021-41136	Puma is a HTTP 1.1 server for Ruby/Rack applications. network high complexity puma debian	3.7
2021-05-11	CVE-2021-29509	Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. network low complexity puma debian	7.5
2020-05-22	CVE-2020-11077	In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. network low complexity puma fedoraproject debian opensuse	7.5
2020-05-22	CVE-2020-11076	In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. network low complexity puma fedoraproject debian	7.5