Vulnerabilities > Puma > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-08 | CVE-2024-21647 | HTTP Request Smuggling vulnerability in Puma Puma is a web server for Ruby/Rack applications built for parallelism. | 7.5 |
| 2022-03-30 | CVE-2022-24790 | HTTP Request Smuggling vulnerability in multiple products Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. | 7.5 |
| 2021-05-11 | CVE-2021-29509 | Resource Exhaustion vulnerability in multiple products Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. | 7.5 |
| 2020-05-22 | CVE-2020-11077 | HTTP Request Smuggling vulnerability in multiple products In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. | 7.5 |
| 2020-05-22 | CVE-2020-11076 | HTTP Request Smuggling vulnerability in multiple products In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. | 7.5 |
| 2020-02-28 | CVE-2020-5247 | HTTP Response Splitting vulnerability in multiple products In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. | 7.5 |
| 2019-12-05 | CVE-2019-16770 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. | 7.5 |