Puma is vulnerable to information disclosure. When Puma does not close the response body, remote attackers can gain access to sensitive information, because the library depends on the response body being closed in order for its CurrentAttributes implementation to work correctly.
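The following added example (a simplified model, not code from Puma or from the library the advisory refers to) shows why per-request state tied to the body's `close` call leaks into the next request when a server skips that call on a reused thread. The names `Current`, `ResettingBody`, `APP`, `serve` and the sample requests are assumptions made for the illustration.

```ruby
# Simplified model, constructed for illustration; not Puma or Rails code.
# Current stands in for a CurrentAttributes-style per-thread store.
module Current
  def self.user; Thread.current[:current_user]; end
  def self.user=(value); Thread.current[:current_user] = value; end
  def self.reset; Thread.current[:current_user] = nil; end
end

# Response body whose #close hook clears the per-request state.
class ResettingBody
  def initialize(chunks)
    @chunks = chunks
  end
  def each(&block)
    @chunks.each(&block)
  end
  def close
    Current.reset
  end
end

# Hypothetical app: sets Current.user only when the request authenticates.
APP = lambda do |env|
  Current.user = env["user"] if env["user"]
  [200, {}, ResettingBody.new(["hello #{Current.user || 'anonymous'}"])]
end

# Serve requests one after another on the same thread, as a reused worker does.
def serve(requests, close_body:)
  requests.map do |env|
    _status, _headers, body = APP.call(env)
    out = body.enum_for(:each).to_a.join
    body.close if close_body # the step the advisory says was not performed
    out
  end
ensure
  Current.reset # keep separate runs of this demo independent
end

REQUESTS = [{ "user" => "alice" }, {}].freeze # constructed sample input
p serve(REQUESTS, close_body: false) # server that skips body.close
p serve(REQUESTS, close_body: true)  # server that always closes the body
```

In the first run the second, unauthenticated request is answered with the previous request's user; in the second run it is not.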
github.com/advisories/GHSA-rmj8-8hhh-gv5h
github.com/advisories/GHSA-wh98-p28r-vrc9
github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb
github.com/puma/puma/pull/2809
github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1
lists.debian.org/debian-lts-announce/2022/05/msg00034.html
lists.debian.org/debian-lts-announce/2022/08/msg00015.html
lists.fedoraproject.org/archives/list/[email protected]/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
lists.fedoraproject.org/archives/list/[email protected]/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
lists.fedoraproject.org/archives/list/[email protected]/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
security.gentoo.org/glsa/202208-28
www.debian.org/security/2022/dsa-5146