Package details: pkg:deb/debian/puma@6.4.2-1?distro=trixie
purl pkg:deb/debian/puma@6.4.2-1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-nxhw-rdtz-zyar
Summary: Puma HTTP Request/Response Smuggling vulnerability

### Impact
Prior to versions 6.4.2 and 5.6.8, puma exhibited dangerous behavior when parsing chunked transfer encoding bodies. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption.

### Patches
The vulnerability has been fixed in 6.4.2 and 5.6.8.

### Workarounds
No known workarounds.

### References
* [HTTP Request Smuggling](https://portswigger.net/web-security/request-smuggling)
* Open an issue in [Puma](https://github.com/puma/puma)
* See our [security policy](https://github.com/puma/puma/security/policy)

Aliases: CVE-2024-21647, GHSA-c2f4-cvqm-65w2

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T10:31:35.545534+00:00 | Debian Importer | Fixing | VCID-nxhw-rdtz-zyar | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:06:19.417171+00:00 | Debian Importer | Fixing | VCID-nxhw-rdtz-zyar | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:24.976468+00:00 | Debian Importer | Fixing | VCID-nxhw-rdtz-zyar | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |