Vulnerabilities > Puma > Puma > 4.0.1

DATE CVE VULNERABILITY TITLE RISK
2020-02-28 CVE-2020-5247 In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e.
network
low complexity
ruby-lang puma debian fedoraproject
7.5
7.5
2019-12-05 CVE-2019-16770 In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
network
low complexity
puma debian
7.5
7.5