CRITICAL 9.8 CVE-2023-40175 Puma HTTP Request/Response Smuggling vulnerability
from 0, < 5.6.7
>= 5.0.0, < 5.6.4
HIGH 8.0 CVE-2022-23634 Puma used with Rails may lead to Information Exposure
>= 5.0.0, < 5.6.2
HIGH 7.5 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections
>= 8.0.0, < 8.0.2
HIGH 7.5 Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
>= 8.0.0, < 8.0.2
HIGH 7.5 puma - security update
from 0, < 4.3.8
HIGH 7.5 puma - security update
from 0, < 3.12.5
MEDIUM 6.8 HTTP Smuggling via Transfer-Encoding Header in Puma
from 0, < 3.12.6
MEDIUM 6.5 HTTP Response Splitting (Early Hints) in Puma
from 0, < 3.12.4
MEDIUM 6.5 HTTP Response Splitting in Puma
from 0, < 3.12.4
MEDIUM 5.9 puma - security update
>= 6.0.0, < 6.4.2
MEDIUM 5.4 Puma's header normalization allows for client to clobber proxy set headers
from 0, < 5.6.9
MEDIUM 5.3 puma - security update
from 0, < 3.12.2
LOW 3.7 puma - security update
>= 5.0.0, < 5.5.1