Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/rubygem-puma@6.3.1-1?arch=el8sat
Type rpm
Namespace redhat
Name rubygem-puma
Version 6.3.1-1
Qualifiers
arch el8sat
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-fhu7-fyha-9khj
vulnerability_id VCID-fhu7-fyha-9khj
summary
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. The severity of this issue is highly dependent on the nature of the web site using puma. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40175.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40175.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40175
reference_id
reference_type
scores
0
value 0.00377
scoring_system epss
scoring_elements 0.59335
published_at 2026-04-21T12:55:00Z
1
value 0.00377
scoring_system epss
scoring_elements 0.59354
published_at 2026-04-18T12:55:00Z
2
value 0.00377
scoring_system epss
scoring_elements 0.59348
published_at 2026-04-16T12:55:00Z
3
value 0.00377
scoring_system epss
scoring_elements 0.59317
published_at 2026-04-08T12:55:00Z
4
value 0.00377
scoring_system epss
scoring_elements 0.59302
published_at 2026-04-04T12:55:00Z
5
value 0.00377
scoring_system epss
scoring_elements 0.59266
published_at 2026-04-07T12:55:00Z
6
value 0.00377
scoring_system epss
scoring_elements 0.59349
published_at 2026-04-11T12:55:00Z
7
value 0.00377
scoring_system epss
scoring_elements 0.59279
published_at 2026-04-02T12:55:00Z
8
value 0.00377
scoring_system epss
scoring_elements 0.5933
published_at 2026-04-09T12:55:00Z
9
value 0.00377
scoring_system epss
scoring_elements 0.59315
published_at 2026-04-13T12:55:00Z
10
value 0.00377
scoring_system epss
scoring_elements 0.59332
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40175
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40175
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40175
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/puma/puma
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma
5
reference_url https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-07T20:03:28Z/
url https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a
6
reference_url https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662
7
reference_url https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1
8
reference_url https://github.com/puma/puma/releases/tag/v5.6.7
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/releases/tag/v5.6.7
9
reference_url https://github.com/puma/puma/releases/tag/v6.3.1
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/puma/puma/releases/tag/v6.3.1
10
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050079
reference_id 1050079
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050079
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2232729
reference_id 2232729
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2232729
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40175
reference_id CVE-2023-40175
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40175
14
reference_url https://github.com/advisories/GHSA-68xg-gqqm-vgj8
reference_id GHSA-68xg-gqqm-vgj8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-68xg-gqqm-vgj8
15
reference_url https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
reference_id GHSA-68xg-gqqm-vgj8
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements
1
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
2
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
4
value CRITICAL
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-07T20:03:28Z/
url https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
16
reference_url https://access.redhat.com/errata/RHSA-2024:0797
reference_id RHSA-2024:0797
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0797
17
reference_url https://usn.ubuntu.com/6399-1/
reference_id USN-6399-1
reference_type
scores
url https://usn.ubuntu.com/6399-1/
18
reference_url https://usn.ubuntu.com/6682-1/
reference_id USN-6682-1
reference_type
scores
url https://usn.ubuntu.com/6682-1/
fixed_packages
aliases CVE-2023-40175, GHSA-68xg-gqqm-vgj8
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fhu7-fyha-9khj
Fixing_vulnerabilities
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-puma@6.3.1-1%3Farch=el8sat