puma vulnerabilities

Puma is a simple, fast, threaded, and highly concurrent HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly concurrent Ruby implementations such as Rubinius and JRuby, as well as providing process worker support to support CRuby well.

Latest version: 5.0.0.beta1


Direct Vulnerabilities

Known vulnerabilities in the puma package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| M | HTTP Request Smuggling | <3.12.5,>=4.0.0, <4.3.4 | Not available | 22 May, 2020 |
| M | HTTP Request Smuggling | <3.12.6,>=4.0.0, <4.3.5 | Not available | 22 May, 2020 |
| M | HTTP Response Splitting | <3.12.4,>=4.0.0, <4.3.3 | Not available | 02 Mar, 2020 |
| M | HTTP Response Splitting | >=4.0.0, <4.3.2,<3.12.3 | Not available | 28 Feb, 2020 |
| H | Denial of Service (DoS) | <3.12.2,>=4.0.0, <4.3.1 | Not available | 06 Dec, 2019 |
| M | Man-in-the-Middle (Mitm) | <2.9.2 | Not available | 12 Jun, 2017 |