puma puma vulnerabilities and exploits
7.8
CVSSv2
CVE-2017-5693
Firmware in the Intel Puma 5, 6, and 7 Series might experience resource depletion or timeout, which allows a network malicious user to create a denial of service via crafted network traffic.
Intel Puma Firmware 5.0
Intel Puma Firmware 6.0 Soc
Intel Puma Firmware 7.0 Soc
4 Github repositories
1 Article
7.5
CVSSv2
CVE-2006-4713
PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote malicious users to execute arbitrary PHP code via a URL in the fpath parameter.
Psywerks Puma 1.0 Rc2
1 EDB exploit
5
CVSSv2
CVE-2022-24790
Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request sta...
Puma Puma
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv2
CVE-2021-29509
Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threa...
Puma Puma
Debian Debian Linux 10.0
5
CVSSv2
CVE-2020-11076
In Puma (RubyGem) prior to 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.
Puma Puma
Fedoraproject Fedora 33
Debian Debian Linux 9.0
5
CVSSv2
CVE-2020-11077
In Puma (RubyGem) prior to 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may m...
Puma Puma
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Opensuse Leap 15.1
Opensuse Leap 15.2
5
CVSSv2
CVE-2020-5247
In Puma (RubyGem) prior to 4.3.2 and prior to 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or `/r`, `/n`) to end the header and inject malicious content, such as additional headers or an e...
Ruby-lang Ruby
Puma Puma
Ruby-lang Ruby 2.7.0
Debian Debian Linux 9.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
5
CVSSv2
CVE-2019-16770
In Puma prior to 3.12.2 and 4.3.1, a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait per...
Puma Puma
Debian Debian Linux 9.0
5
CVSSv2
CVE-2019-16254
Ruby up to and including 2.4.7, 2.5.x up to and including 2.5.6, and 2.6.x up to and including 2.6.4 allows HTTP Response Splitting. If a program using WEBrick inserts untrusted input into the response header, an attacker can exploit it to insert a newline character to split a he...
Ruby-lang Ruby
Debian Debian Linux 8.0
4.3
CVSSv2
CVE-2022-23634
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to wor...
Puma Puma
Rubyonrails Rails
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37