Search CVE reports


Toggle filters

1 – 10 of 14 results


CVE-2026-47737

Medium priority
Needs evaluation

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used because...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2026-47736

Medium priority
Needs evaluation

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, when PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer while waiting for CRLF to determine whether a...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2024-45614

Medium priority
Fixed

Puma is a Ruby/Rack web server built for parallelism. In affected versions clients could clobber values set by intermediate proxies (such as X-Forwarded-For) by providing a underscore version of the same header (X-Forwarded_For)....

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Fixed Fixed Fixed Fixed
Show less packages

CVE-2024-21647

Medium priority
Fixed

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Fixed Fixed Ignored
Show less packages

CVE-2023-40175

Medium priority
Fixed

Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Fixed Fixed Fixed Fixed Ignored
Show less packages

CVE-2022-24790

Medium priority

Some fixes available 2 of 4

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Fixed Fixed
Show less packages

CVE-2022-23634

Medium priority

Some fixes available 2 of 4

Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Fixed Fixed
Show less packages

CVE-2021-41136

Medium priority
Ignored

Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected
Show less packages

CVE-2021-29509

Medium priority
Ignored

Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Not in release
Show less packages

CVE-2020-11077

Medium priority

Some fixes available 1 of 5

In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another...

1 affected package

puma

Package 26.04 LTS 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS
puma Not affected Not affected Fixed Not in release
Show less packages