
puma

14 known vulnerabilities across versions, listed by the affected version range of the package as recorded in the vulnerability database.
| CVE | Affected versions | CVSS | Summary |
|---|---|---|---|
| CVE-2024-45614 | < 5.6.9 | 5.4 MEDIUM | Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxie |
| CVE-2024-21647 | < 5.6.8 | 5.9 MEDIUM | Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior w |
| CVE-2023-40175 | < 5.6.7 | 7.3 HIGH | Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when pa |
| CVE-2022-24790 | < 4.3.12 | 9.1 CRITICAL | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that d |
| CVE-2022-23634 | < 4.3.11 | 8.0 HIGH | Puma is a Ruby/Rack web server built for parallelism. Prior to puma version 5.6.2, puma may not always call close on the r |
| CVE-2021-41136 | <= 4.3.8 | 3.7 LOW | Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using puma with a proxy which forwards |
| CVE-2021-29509 | < 4.3.8 | 7.5 HIGH | Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only |
| CVE-2020-11077 | >= 3.0.0 and < 3.12.6 | 6.8 MEDIUM | In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response |
| CVE-2020-11076 | >= 3.0.0 and < 3.12.6 | 7.5 HIGH | In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding heade |
| CVE-2020-5249 | <= 3.12.3 | 6.5 MEDIUM | In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attack |
| CVE-2020-5247 | <= 3.12.3 | 6.5 MEDIUM | In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an att |
| CVE-2019-16770 | >= 3.0.0 and < 3.12.2 | 5.3 MEDIUM | In Puma before versions 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and cr |
| CVE-2017-8943 | all versions | 5.9 MEDIUM | The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers |
| CVE-2006-4713 | all versions | | PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP co |

Summaries are truncated as received from the source feed. Note that the last two entries (CVE-2017-8943 and CVE-2006-4713) describe, by their own text, an iOS app and a PHP application that share the PUMA name; they are matched here by name only and do not concern the Ruby/Rack web server covered by the other twelve.
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin