9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.2%
puma is vulnerable to HTTP Request Smuggling. The vulnerability exists due to processing zero-length content-Length headers and chunked transfer encoding bodies in client.rb
, allowing an attacker to smuggle HTTP requests.
github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a
github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662
github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1
github.com/puma/puma/releases/tag/v5.6.7
github.com/puma/puma/releases/tag/v6.3.1
github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml