USN-6682-1: Puma vulnerabilities

First published: Thu Mar 07 2024(Updated: )

ZeddYu Lu discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11076) It was discovered that Puma incorrectly handled parsing certain headers. A remote attacker could possibly use this issue to perform an HTTP Request Smuggling attack. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11077) Jean Boussier discovered that Puma might not always release resources properly after handling HTTP requests. A remote attacker could possibly use this issue to read sensitive information. (CVE-2022-23634) It was discovered that Puma incorrectly handled certain malformed headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2022-24790) Ben Kallus discovered that Puma incorrectly handled parsing certain headers. A remote attacker could use this issue to perform an HTTP Request Smuggling attack. (CVE-2023-40175) Bartek Nowotarski discovered that Puma incorrectly handled parsing certain encoded content. A remote attacker could possibly use this to cause a denial of service. (CVE-2024-21647)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/usn
• source/Ubuntu
• anchor-related/USN-6597-1
• anchor-related/USN-6399-1
• agent/software-canonical-lookup
• agent/title
• agent/severity
• agent/last-modified-date
• agent/references
• agent/tags
• agent/softwarecombine
• agent/type
• agent/first-publish-date
• agent/description
• agent/event
• package-manager/ubuntu
• vendor/ubuntu
• canonical/ubuntu ubuntu
• version/ubuntu ubuntu/22.04
• version/ubuntu ubuntu/20.04