puma vulnerabilities

Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Direct Vulnerabilities

Known vulnerabilities in the puma package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
HTTP Request Smuggling

<4.3.12 >=5.0.0, <5.6.4-java
  • H
Information Exposure

<4.3.11 >=5.0.0, <5.6.2
  • L
HTTP Request Smuggling

<4.3.9 >=5.0.0, <5.5.1
  • H
Denial of Service (DoS)

>=5.0.0.beta1, <5.3.1 <4.3.8
  • M
HTTP Request Smuggling

<3.12.5 >=4.0.0, <4.3.4
  • M
HTTP Request Smuggling

<3.12.6 >=4.0.0, <4.3.5
  • M
HTTP Response Splitting

<3.12.4 >=4.0.0, <4.3.3
  • M
HTTP Response Splitting

>=4.0.0, <4.3.2 <3.12.3
  • H
Denial of Service (DoS)

<3.12.2 >=4.0.0, <4.3.1
  • M
Man-in-the-Middle (Mitm)

<2.9.2