DATE | CVE | VULNERABILITY TITLE | RISK

2024-01-08 | CVE-2024-21647 | Unspecified vulnerability in Puma
  Puma is a web server for Ruby/Rack applications built for parallelism.
  network, low complexity | puma | 7.5, 7.5

2022-03-30 | CVE-2022-24790
  Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications.
  network, low complexity | puma, debian, fedoraproject | 7.5, 7.5

2021-05-11 | CVE-2021-29509
  Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications.
  network, low complexity | puma, debian | 7.5, 7.5

2020-05-22 | CVE-2020-11077
  In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.
  network, low complexity | puma, fedoraproject, debian, opensuse | 7.5, 7.5

2020-05-22 | CVE-2020-11076
  In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header.
  network, low complexity | puma, fedoraproject, debian | 7.5, 7.5

2020-02-28 | CVE-2020-5247
  In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e.
  network, low complexity | ruby-lang, puma, debian, fedoraproject | 7.5, 7.5

2019-12-05 | CVE-2019-16770
  In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
  network, low complexity | puma, debian | 7.5, 7.5