Vulnerabilities > Puma > Puma > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-08 CVE-2024-21647 HTTP Request Smuggling vulnerability in Puma
Puma is a web server for Ruby/Rack applications built for parallelism.
network
low complexity
puma CWE-444
7.5
2022-03-30 CVE-2022-24790 HTTP Request Smuggling vulnerability in multiple products
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications.
network
low complexity
puma debian fedoraproject CWE-444
7.5
2021-05-11 CVE-2021-29509 Resource Exhaustion vulnerability in multiple products
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
network
low complexity
puma debian CWE-400
7.5
2020-05-22 CVE-2020-11077 HTTP Request Smuggling vulnerability in multiple products
In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.
network
low complexity
puma fedoraproject debian opensuse CWE-444
7.5
2020-05-22 CVE-2020-11076 HTTP Request Smuggling vulnerability in multiple products
In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header.
network
low complexity
puma fedoraproject debian CWE-444
7.5
2020-02-28 CVE-2020-5247 HTTP Response Splitting vulnerability in multiple products
In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e.
network
low complexity
ruby-lang puma debian fedoraproject CWE-113
7.5
2019-12-05 CVE-2019-16770 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
network
low complexity
puma debian CWE-770
7.5