Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/puma@5.5.2-1?distro=trixie
Type deb
Namespace debian
Name puma
Version 5.5.2-1
Qualifiers
distro trixie
Subpath
Is_vulnerable false
Next_non_vulnerable_version 5.6.4-1
Latest_non_vulnerable_version 6.6.0-4
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-5zm7-c7nu-quad
vulnerability_id VCID-5zm7-c7nu-quad
summary
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Prior to `puma` version 5.5.0, using `puma` with a proxy which forwards LF characters as line endings could allow HTTP request smuggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client.

This behavior (forwarding LF characters as line endings) is very uncommon amongst proxy servers, so we have graded the impact here as "low". Puma is only aware of a single proxy server which has this behavior.

If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41136.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41136
reference_id
reference_type
scores
0
value 0.00288
scoring_system epss
scoring_elements 0.52244
published_at 2026-04-21T12:55:00Z
1
value 0.00288
scoring_system epss
scoring_elements 0.5226
published_at 2026-04-18T12:55:00Z
2
value 0.00288
scoring_system epss
scoring_elements 0.52256
published_at 2026-04-16T12:55:00Z
3
value 0.00288
scoring_system epss
scoring_elements 0.52218
published_at 2026-04-13T12:55:00Z
4
value 0.00288
scoring_system epss
scoring_elements 0.52233
published_at 2026-04-12T12:55:00Z
5
value 0.00288
scoring_system epss
scoring_elements 0.52249
published_at 2026-04-11T12:55:00Z
6
value 0.00288
scoring_system epss
scoring_elements 0.52197
published_at 2026-04-09T12:55:00Z
7
value 0.00288
scoring_system epss
scoring_elements 0.52201
published_at 2026-04-08T12:55:00Z
8
value 0.00288
scoring_system epss
scoring_elements 0.52113
published_at 2026-04-01T12:55:00Z
9
value 0.00288
scoring_system epss
scoring_elements 0.52148
published_at 2026-04-07T12:55:00Z
10
value 0.00288
scoring_system epss
scoring_elements 0.52183
published_at 2026-04-04T12:55:00Z
11
value 0.00288
scoring_system epss
scoring_elements 0.52156
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/puma/puma
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma
7
reference_url https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18
8
reference_url https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f
9
reference_url https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139
10
reference_url https://github.com/puma/puma/releases/tag/v4.3.9
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/releases/tag/v4.3.9
11
reference_url https://github.com/puma/puma/releases/tag/v5.5.1
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/releases/tag/v5.5.1
12
reference_url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html
13
reference_url https://security.gentoo.org/glsa/202208-28
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202208-28
14
reference_url https://www.debian.org/security/2022/dsa-5146
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2022/dsa-5146
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2013495
reference_id 2013495
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2013495
16
reference_url https://security.archlinux.org/AVG-2764
reference_id AVG-2764
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2764
17
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41136
reference_id CVE-2021-41136
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41136
18
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-41136.yml
reference_id CVE-2021-41136.YML
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-41136.yml
19
reference_url https://github.com/advisories/GHSA-48w2-rm65-62xx
reference_id GHSA-48w2-rm65-62xx
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-48w2-rm65-62xx
20
reference_url https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
reference_id GHSA-48w2-rm65-62xx
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements
1
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value LOW
scoring_system cvssv3.1_qr
scoring_elements
3
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
21
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
fixed_packages
0
url pkg:deb/debian/puma@4.3.8-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/puma@4.3.8-1%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fhu7-fyha-9khj
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puma@4.3.8-1%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/puma@5.5.2-1?distro=trixie
purl pkg:deb/debian/puma@5.5.2-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puma@5.5.2-1%3Fdistro=trixie
2
url pkg:deb/debian/puma@5.6.5-3%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/puma@5.6.5-3%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puma@5.6.5-3%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/puma@6.6.0-4?distro=trixie
purl pkg:deb/debian/puma@6.6.0-4?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puma@6.6.0-4%3Fdistro=trixie
aliases CVE-2021-41136, GHSA-48w2-rm65-62xx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zm7-c7nu-quad
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/puma@5.5.2-1%3Fdistro=trixie