0.002 Low
EPSS
Percentile
64.9%
puma is vulnerable to HTTP request smuggling. Incorrect handling of HTTP requests with LF characters as line endings, allows a remote attacker to smuggle a request through a proxy, causing the proxy to send a response back to the victim.
LF
github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
lists.debian.org/debian-lts-announce/2022/08/msg00015.html
security.gentoo.org/glsa/202208-28
www.debian.org/security/2022/dsa-5146