| CVE-2022-24790 | high | — | 8.0 | 4y ago | Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the … |
| CVE-2022-23634 | medium | — | 5.5 | 4y ago | Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the resp… |
| CVE-2021-41136 | medium | — | 5.5 | 5y ago | Puma is an HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP re… |
| CVE-2026-47736 | unknown | — | — | 11d ago | Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion |
| CVE-2026-47737 | unknown | — | — | 11d ago | Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on |