Lucene search
Veracode Vulnerability DatabaseVERACODE:32475HistoryOct 13, 2021 - 5:54 a.m.
HTTP Request Smuggling
2021-10-1305:54:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
0.002 Low
EPSS
Percentile
64.9%
puma is vulnerable to HTTP request smuggling. Incorrect handling of HTTP requests with LF characters as line endings, allows a remote attacker to smuggle a request through a proxy, causing the proxy to send a response back to the victim.
Related
nvd
nvd
CVE-2021-41136
2021-10-12 16:15:07
debiancve
debiancve
CVE-2021-41136
2021-10-12 16:15:07
osv
osv
CVE-2021-41136
2021-10-12 16:15:07
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
2021-10-12 17:53:00
puma - security update
2022-05-24 00:00:00
cve
cve
CVE-2021-41136
2021-10-12 16:15:07
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2021-10-12 16:15:00
github
github
redhatcve
redhatcve
CVE-2021-41136
2021-10-13 04:42:54
ubuntucve
ubuntucve
CVE-2021-41136
2021-10-12 00:00:00
nessus
nessus
Debian DSA-5146-1 : puma - security update
2022-05-24 00:00:00
SUSE SLES15 Security Update : rubygem-puma (SUSE-SU-2022:1515-1)
2022-05-05 00:00:00
Debian DLA-3083-1 : puma - LTS security update
2022-09-02 00:00:00
suse
suse
Security update for rubygem-puma (important)
2022-05-04 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5146-1)
2022-05-25 00:00:00
openSUSE: Security Advisory for rubygem-puma (SUSE-SU-2022:1515-1)
2022-05-17 00:00:00
Debian: Security Advisory (DLA-3083-1)
2022-08-28 00:00:00
debian
debian
[SECURITY] [DSA 5146-1] puma security update
2022-05-24 17:49:53
[SECURITY] [DLA 3083-1] puma security update
2022-08-27 19:07:44
gentoo
gentoo
Puma: Multiple Vulnerabilities
2022-08-14 00:00:00
redhat
redhat
(RHSA-2022:5498) Moderate: Satellite 6.11 Release
2022-07-05 13:55:16
rocky
rocky
Satellite 6.11 Release
2022-07-05 13:55:16