Lucene search

K

Veracode Vulnerability DatabaseVERACODE:34201

HistoryFeb 14, 2022 - 9:11 a.m.

Information Disclosure

2022-02-1409:11:49

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

11

0.002 Low

EPSS

Percentile

56.7%

puma is vulnerable to information disclosure. Puma not closing the body, enables remote attackers to gain access to sensitive information because the library depends on the response body being closed in order for its CurrentAttributes implementation to work correctly.

CPENameOperatorVersion
pumale5.6.1
puma:bullseyeeq4.3.6-1
puma:bullseyeeq4.3.6-1+b1
puma:bustereq3.12.0-2+deb10u2
puma:bustereq3.12.0-2+deb10u1
puma:sideq4.3.6-1
puma:sideq4.3.6-1+b1
pumale5.6.1
puma:bullseyeeq4.3.6-1
puma:bullseyeeq4.3.6-1+b1

Rows per page:

1-10 of 181

References

github.com/advisories/GHSA-rmj8-8hhh-gv5h

github.com/advisories/GHSA-wh98-p28r-vrc9

github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb

github.com/puma/puma/pull/2809

github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h

groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1

lists.debian.org/debian-lts-announce/2022/05/msg00034.html

lists.debian.org/debian-lts-announce/2022/08/msg00015.html

lists.fedoraproject.org/archives/list/[email protected]/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

lists.fedoraproject.org/archives/list/[email protected]/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

lists.fedoraproject.org/archives/list/[email protected]/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

security.gentoo.org/glsa/202208-28

www.debian.org/security/2022/dsa-5146

0.002 Low

EPSS

Percentile

56.7%

Related for VERACODE:34201

cnvd1 nvd1 ubuntucve1 redhatcve1 openvas10 cve1 debiancve1 prion1 cvelist1 osv9 github1 fedora3 nessus9 suse1 debian3 gentoo1 ubuntu1 redhat1 rocky1