Vulnerabilities affecting this package (0)

This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)

Vulnerability: VCID-tsrb-zgtb-8ybu

Summary:
## Keepalive thread overload/DoS
### Impact
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
### Patches
This vulnerability is patched in Puma 4.3.1 and 3.12.2.
### Workarounds
Reverse proxies in front of Puma can be configured to allow fewer than X keepalive connections to a Puma cluster or process, where X is the number of threads configured in Puma's thread pool, so that at least one thread always remains free for new connections.
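To make the starvation described under Impact and the thread-count bound behind the workaround concrete, here is a discrete-time model added for this page; it is not Puma's own scheduler code and the `:greedy` / `:fair` policies are assumed simplifications of "a thread keeps serving one keepalive socket" versus "the connection goes back to the reactor after each request", not a description of the actual 4.3.1 patch. `KeepalivePoolModel`, `Client` and `starvation_demo` are names introduced here, and the clients are constructed sample input.

```ruby
# Added illustration of keepalive starvation in a fixed-size thread pool.
# Written for this page; not Puma's code. Assumptions (simplifications):
#   * each tick, every pool thread serves exactly one request
#   * a "frequent" keepalive client always has its next request buffered
#     the moment the previous one finishes (the attacker's behaviour)
#   * :greedy - a thread keeps serving the same keepalive socket while its
#               next request is ready, never handing it back to the reactor
#   * :fair   - after each request the socket is returned to the reactor
#               queue and the thread takes the next queued connection

Client = Struct.new(:name, :keepalive, :frequent)

class KeepalivePoolModel
  def initialize(threads:, policy:)
    raise ArgumentError, "policy must be :greedy or :fair" unless %i[greedy fair].include?(policy)
    @threads = threads
    @policy  = policy
  end

  # Runs the model for +ticks+ and returns a Hash of client name => requests served.
  def run(clients, ticks:)
    queue  = clients.dup   # connections the reactor has marked as ready
    pinned = []            # sockets that threads are holding on to (greedy only)
    served = Hash.new(0)

    ticks.times do
      free_slots = @threads - pinned.size          # threads not stuck on a socket
      batch  = pinned + queue.shift(free_slots)    # pinned sockets go first
      pinned = []

      batch.each do |client|
        served[client.name] += 1
        next unless client.keepalive               # non-keepalive: closes after one request

        if @policy == :greedy && client.frequent
          pinned << client                         # thread stays on this socket; queue waits
        else
          queue << client                          # back to the reactor; others get a turn
        end
      end
    end

    served
  end
end

# Scenario: +threads+ pool threads, +attackers+ hostile keepalive clients that
# always have the next request ready, plus one ordinary client that needs a
# single request served. (Constructed sample input.)
def starvation_demo(threads:, attackers:, policy:, ticks: 50)
  hostile = Array.new(attackers) { |i| Client.new("attacker#{i}", true, true) }
  victim  = Client.new("victim", false, false)
  KeepalivePoolModel.new(threads: threads, policy: policy).run(hostile + [victim], ticks: ticks)
end

if __FILE__ == $PROGRAM_NAME
  # Vulnerable: as many frequent keepalive clients as threads -> victim never served.
  p starvation_demo(threads: 4, attackers: 4, policy: :greedy)
  # Patched behaviour (modelled): sockets rotate through the reactor -> victim served.
  p starvation_demo(threads: 4, attackers: 4, policy: :fair)
  # Workaround: keepalive connections capped below the thread count -> served even when greedy.
  p starvation_demo(threads: 4, attackers: 3, policy: :greedy)
end
```

The model ignores timeouts and request latency on purpose; its only job is to show why the attack needs at least as many keepalive connections as there are pool threads, which is exactly the bound the workaround above enforces, and why handing a connection back to the reactor after each request removes the starvation regardless of how many keepalive clients are open.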
### For more information
If you have any questions or comments about this advisory:
* Open an issue at [puma](https://github.com/puma/puma).

Aliases: CVE-2019-16770, GHSA-7xx3-m584-x994