Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:USN-6682-1
HistoryMar 07, 2024 - 2:00 p.m.

puma vulnerabilities

2024-03-0714:00:06
Google
osv.dev
9
puma
ubuntu 20.04
http request smuggling
resource leakage
sensitive information
denial of service

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11076)

It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to perform an HTTP Request
Smuggling attack. This issue only affected Ubuntu 20.04 LTS.
(CVE-2020-11077)

Jean Boussier discovered that Puma might not always release resources
properly after handling HTTP requests. A remote attacker could possibly
use this issue to read sensitive information. (CVE-2022-23634)

It was discovered that Puma incorrectly handled certain malformed headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2022-24790)

Ben Kallus discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could use this issue to perform an HTTP Request Smuggling
attack. (CVE-2023-40175)

Bartek Nowotarski discovered that Puma incorrectly handled parsing certain
encoded content. A remote attacker could possibly use this to cause a
denial of service. (CVE-2024-21647)

Related

nessus 26
ubuntu 3
openvas 20
fedora 4
prion 6
debian 4
debiancve 6
ubuntucve 6
osv 20
suse 6
nvd 6
cve 6
redhatcve 6
cvelist 6
cgr 1
gentoo 1
veracode 6
github 6
wolfi 1
cnvd 1
redhat 5
ibm 3
rocky 1
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS : Puma vulnerabilities (USN-6682-1)
2024-03-07 00:00:00
openSUSE Security Update : rubygem-puma (openSUSE-2020-1001)
2020-07-20 00:00:00
Fedora 40 : rubygem-puma (2024-c393b8b2fb)
2024-04-29 00:00:00
ubuntu
ubuntu
Puma vulnerabilities
2024-03-07 00:00:00
Puma vulnerability
2024-01-25 00:00:00
Puma vulnerability
2023-09-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6682-1)
2024-03-08 00:00:00
Debian: Security Advisory (DLA-2398-1)
2020-10-08 00:00:00
openSUSE: Security Advisory for rubygem-puma (openSUSE-SU-2020:1001-1)
2020-07-19 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: rubygem-puma-4.3.6-1.fc33
2020-09-25 17:18:05
[SECURITY] Fedora 37 Update: rubygem-puma-5.6.5-1.fc37
2022-09-12 17:53:51
[SECURITY] Fedora 35 Update: rubygem-puma-4.3.6-5.fc35
2022-09-07 09:56:59
prion
prion
Cross site request forgery (csrf)
2020-05-22 15:15:00
Design/Logic Flaw
2024-01-08 14:15:00
Code injection
2020-05-22 15:15:00
debian
debian
[SECURITY] [DLA 2398-1] puma security update
2020-10-07 11:06:30
[SECURITY] [DSA 5146-1] puma security update
2022-05-24 17:49:53
[SECURITY] [DLA 3083-1] puma security update
2022-08-27 19:07:44
debiancve
debiancve
CVE-2020-11077
2020-05-22 15:15:11
CVE-2024-21647
2024-01-08 14:15:47
CVE-2020-11076
2020-05-22 15:15:11
ubuntucve
ubuntucve
CVE-2022-24790
2022-03-30 00:00:00
CVE-2020-11077
2020-05-22 00:00:00
CVE-2024-21647
2024-01-08 00:00:00
osv
osv
puma - security update
2020-10-07 00:00:00
CVE-2020-11077
2020-05-22 15:15:11
puma - security update
2022-05-24 00:00:00
suse
suse
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (moderate)
2020-07-18 00:00:00
Security update for rubygem-puma (important)
2022-10-13 00:00:00
nvd
nvd
CVE-2020-11077
2020-05-22 15:15:11
CVE-2024-21647
2024-01-08 14:15:47
CVE-2023-40175
2023-08-18 22:15:11
cve
cve
CVE-2020-11077
2020-05-22 15:15:11
CVE-2023-40175
2023-08-18 22:15:11
CVE-2024-21647
2024-01-08 14:15:47
redhatcve
redhatcve
CVE-2020-11077
2020-06-01 13:51:44
CVE-2020-11076
2020-06-01 13:51:44
CVE-2023-40175
2023-08-22 17:50:39
cvelist
cvelist
CVE-2020-11077 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:13
CVE-2024-21647 HTTP Request/Response Smuggling in puma
2024-01-08 13:45:27
CVE-2020-11076 HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:50:12
cgr
cgr
CVE-2024-21647 vulnerabilities
2024-05-19 03:07:16
gentoo
gentoo
Puma: Multiple Vulnerabilities
2022-08-14 00:00:00
veracode
veracode
HTTP Request Smuggling
2020-05-26 05:32:59
HTTP Request Smuggling
2024-01-09 07:22:47
HTTP Request Smuggling
2020-05-26 03:02:20
github
github
Puma HTTP Request/Response Smuggling vulnerability
2024-01-08 15:56:48
HTTP Smuggling via Transfer-Encoding Header in Puma
2020-05-22 14:55:09
Puma HTTP Request/Response Smuggling vulnerability
2023-08-18 21:50:05
wolfi
wolfi
CVE-2024-21647 vulnerabilities
2024-07-05 15:46:04
cnvd
cnvd
Puma Information Breach Vulnerability
2022-02-15 00:00:00
redhat
redhat
(RHSA-2022:8532) Important: Satellite 6.9.10 Async Security Update
2022-11-17 17:13:35
(RHSA-2023:1486) Important: Red Hat Gluster Storage web-admin-build security update
2023-03-28 00:06:18
(RHSA-2024:0797) Important: Satellite 6.14.2 Async Security Update
2024-02-13 14:38:17
ibm
ibm
Security Bulletin: IBM Instana Observability is affected by Vulnerabilities in Puma and Amazon Ion.
2024-03-15 13:50:03
Security Bulletin: IBM Operational Decision Manager for April 2024 - Multiple CVEs addressed
2024-05-17 04:36:41
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.2%

JSON
Related for OSV:USN-6682-1
nessus26ubuntu3openvas20fedora4prion6debian4debiancve6ubuntucve6osv20suse6nvd6cve6redhatcve6cvelist6cgr1gentoo1veracode6github6wolfi1cnvd1redhat5ibm3rocky1