Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:gem/gitlab-puma@4.3.3.gitlab.2

Type gem

Namespace

Name gitlab-puma

Version 4.3.3.gitlab.2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url VCID-a89c-mhxf-gbcr

vulnerability_id VCID-a89c-mhxf-gbcr

summary

HTTP Smuggling via Transfer-Encoding Header in Puma
### Impact

This is a similar but different vulnerability to the one patched in 3.12.5 and 4.3.4.

A client could smuggle a request through a proxy, causing the proxy to send a response
back to another unknown client.

If the proxy uses persistent connections and the client adds another request in via HTTP
pipelining, the proxy may mistake it as the first request's body. Puma, however,
would see it as two requests, and when processing the second request, send back
a response that the proxy does not expect. If the proxy has reused the persistent
connection to Puma to send another request for a different client, the second response
from the first client will be sent to the second client.

### Patches

The problem has been fixed in Puma 3.12.6 and Puma 4.3.5.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11077.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11077.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11077

reference_id

reference_type

scores

value	0.00821
scoring_system	epss
scoring_elements	0.74783
published_at	2026-06-05T12:55:00Z

value	0.00821
scoring_system	epss
scoring_elements	0.7478
published_at	2026-06-07T12:55:00Z

value	0.00821
scoring_system	epss
scoring_elements	0.74753
published_at	2026-06-04T12:55:00Z

value	0.00821
scoring_system	epss
scoring_elements	0.74789
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11077

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11077
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11077

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22

reference_url

https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11077.yml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11077.yml

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1842534
reference_id	1842534
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1842534

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972102
reference_id	972102
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972102

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11077

reference_id

CVE-2020-11077

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11077

reference_url

https://github.com/advisories/GHSA-w64w-qqph-5gxm

reference_id

GHSA-w64w-qqph-5gxm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w64w-qqph-5gxm

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

url pkg:gem/gitlab-puma@4.3.5.gitlab.3

purl pkg:gem/gitlab-puma@4.3.5.gitlab.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nmrt-u3yt-c3bs

vulnerability	VCID-prw8-q89n-fkcp

vulnerability	VCID-y1y1-3d8u-yud7

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gitlab-puma@4.3.5.gitlab.3

aliases CVE-2020-11077, GHSA-w64w-qqph-5gxm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a89c-mhxf-gbcr

url VCID-afk2-2mrt-h3ds

vulnerability_id VCID-afk2-2mrt-h3ds

summary

HTTP Smuggling via Transfer-Encoding Header in Puma
### Impact

By using an invalid transfer-encoding header, an attacker could
[smuggle an HTTP response.](https://portswigger.net/web-security/request-smuggling)

### Patches

The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00034.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00038.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11076.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11076.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-11076

reference_id

reference_type

scores

value	0.01782
scoring_system	epss
scoring_elements	0.83091
published_at	2026-06-06T12:55:00Z

value	0.01782
scoring_system	epss
scoring_elements	0.83092
published_at	2026-06-05T12:55:00Z

value	0.01782
scoring_system	epss
scoring_elements	0.83065
published_at	2026-06-04T12:55:00Z

value	0.01782
scoring_system	epss
scoring_elements	0.83088
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-11076

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11076
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11076

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/blob/master/History.md#434435-and-31253126--2020-05-22

reference_url

https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd

reference_url

https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2020-11076.yml

reference_url

https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2020/10/msg00009.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SKIY5H67GJIGJL6SMFWFLUQQQR3EMVPR/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1842539
reference_id	1842539
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1842539

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972102
reference_id	972102
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972102

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-11076

reference_id

CVE-2020-11076

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-11076

reference_url

https://github.com/advisories/GHSA-x7jg-6pwg-fx5h

reference_id

GHSA-x7jg-6pwg-fx5h

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x7jg-6pwg-fx5h

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

url pkg:gem/gitlab-puma@4.3.5.gitlab.3

purl pkg:gem/gitlab-puma@4.3.5.gitlab.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nmrt-u3yt-c3bs

vulnerability	VCID-prw8-q89n-fkcp

vulnerability	VCID-y1y1-3d8u-yud7

resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gitlab-puma@4.3.5.gitlab.3

aliases CVE-2020-11076, GHSA-x7jg-6pwg-fx5h

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afk2-2mrt-h3ds

url

VCID-nmrt-u3yt-c3bs

vulnerability_id

VCID-nmrt-u3yt-c3bs

summary

Keepalive Connections Causing Denial Of Service in puma
### Impact

The fix for CVE-2019-16770 was incomplete. The original fix only protected
existing connections that had already been accepted from having their
requests starved by greedy persistent-connections saturating all threads in
the same process. However, new connections may still be starved by greedy
persistent-connections saturating all threads in all processes in the
cluster.

A puma server which received more concurrent keep-alive connections than the
server had threads in its threadpool would service only a subset of
connections, denying service to the unserved connections.

### Patches

This problem has been fixed in puma 4.3.8 and 5.3.1.

### Workarounds

Setting queue_requests false also fixes the issue. This is not advised when
using puma without a reverse proxy, such as nginx or apache, because you will
open yourself to slow client attacks (e.g. [slowloris][1]).

The fix is very small. [A git patch is available here][2] for those using
[unsupported versions][3] of Puma.

[1]: https://en.wikipedia.org/wiki/Slowloris_(computer_security)
[2]: https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837
[3]: https://github.com/puma/puma/security/policy#supported-versions

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29509.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29509.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-29509

reference_id

reference_type

scores

value	0.01358
scoring_system	epss
scoring_elements	0.8048
published_at	2026-06-04T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80505
published_at	2026-06-07T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80509
published_at	2026-06-06T12:55:00Z

value	0.01358
scoring_system	epss
scoring_elements	0.80507
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-29509

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29509
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29509

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://gist.github.com/nateberkopec/4b3ea5676c0d70cbb37c82d54be25837

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5

reference_url

https://github.com/puma/puma/security/policy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/security/policy

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-29509.yml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2021-29509.yml

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_url

https://rubygems.org/gems/puma

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rubygems.org/gems/puma

reference_url

https://security.gentoo.org/glsa/202208-28

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202208-28

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1964874
reference_id	1964874
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1964874

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989054
reference_id	989054
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989054

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-29509

reference_id

CVE-2021-29509

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-29509

reference_url

https://github.com/advisories/GHSA-q28m-8xjw-8vr5

reference_id

GHSA-q28m-8xjw-8vr5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-q28m-8xjw-8vr5

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

fixed_packages

aliases

CVE-2021-29509, GHSA-q28m-8xjw-8vr5

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-nmrt-u3yt-c3bs

url VCID-prw8-q89n-fkcp

vulnerability_id VCID-prw8-q89n-fkcp

summary

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Puma is a Ruby/Rack web server built for parallelism. Prior to versions 6.3.1 and 5.6.7, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length headers in a way that allowed HTTP request smuggling. Severity of this issue is highly dependent on the nature of the web site using puma is. This could be caused by either incorrect parsing of trailing fields in chunked transfer encoding bodies or by parsing of blank/zero-length Content-Length headers. Both issues have been addressed and this vulnerability has been fixed in versions 6.3.1 and 5.6.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40175.json

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-40175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-40175

reference_id

reference_type

scores

value	0.00377
scoring_system	epss
scoring_elements	0.59652
published_at	2026-06-07T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.5966
published_at	2026-06-06T12:55:00Z

value	0.00377
scoring_system	epss
scoring_elements	0.59657
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-40175

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40175

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-07T20:03:28Z/

url

https://github.com/puma/puma/commit/690155e7d644b80eeef0a6094f9826ee41f1080a

reference_url

https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/commit/7405a219801dcebc0ad6e0aa108d4319ca23f662

reference_url

https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/commit/ed0f2f94b56982c687452504b95d5f1fbbe3eed1

reference_url

https://github.com/puma/puma/releases/tag/v5.6.7

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/releases/tag/v5.6.7

reference_url

https://github.com/puma/puma/releases/tag/v6.3.1

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma/releases/tag/v6.3.1

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2023-40175.yml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050079
reference_id	1050079
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050079

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2232729
reference_id	2232729
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2232729

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-40175

reference_id

CVE-2023-40175

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-40175

reference_url

https://github.com/advisories/GHSA-68xg-gqqm-vgj8

reference_id

GHSA-68xg-gqqm-vgj8

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-68xg-gqqm-vgj8

reference_url

https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8

reference_id

GHSA-68xg-gqqm-vgj8

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-07T20:03:28Z/

url

https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

reference_url	https://usn.ubuntu.com/6399-1/
reference_id	USN-6399-1
reference_type
scores
url	https://usn.ubuntu.com/6399-1/

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

url	pkg:gem/gitlab-puma@5.6.7
purl	pkg:gem/gitlab-puma@5.6.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/gitlab-puma@5.6.7

url	pkg:gem/gitlab-puma@6.3.1
purl	pkg:gem/gitlab-puma@6.3.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:gem/gitlab-puma@6.3.1

aliases CVE-2023-40175, GHSA-68xg-gqqm-vgj8

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-prw8-q89n-fkcp

url

VCID-y1y1-3d8u-yud7

vulnerability_id

VCID-y1y1-3d8u-yud7

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24790.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-24790.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-24790

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.62143
published_at	2026-06-07T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62098
published_at	2026-06-04T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62147
published_at	2026-06-05T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62154
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-24790

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41136

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23634

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24790

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/puma/puma

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/puma/puma

reference_url

https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-24790.yml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puma/CVE-2022-24790.yml

reference_url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

reference_url

https://portswigger.net/web-security/request-smuggling

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://portswigger.net/web-security/request-smuggling

reference_url

https://security.gentoo.org/glsa/202208-28

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://security.gentoo.org/glsa/202208-28

reference_url

https://www.debian.org/security/2022/dsa-5146

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://www.debian.org/security/2022/dsa-5146

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008723
reference_id	1008723
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008723

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2071616
reference_id	2071616
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2071616

reference_url

https://security.archlinux.org/AVG-2764

reference_id

AVG-2764

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2764

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-24790

reference_id

CVE-2022-24790

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-24790

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

reference_id

F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/

reference_url

https://github.com/advisories/GHSA-h99w-9q5r-gjq9

reference_id

GHSA-h99w-9q5r-gjq9

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-h99w-9q5r-gjq9

reference_url

https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

reference_id

GHSA-h99w-9q5r-gjq9

reference_type

scores

value	9.1
scoring_system	cvssv3
scoring_elements

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

reference_id

L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/

reference_url	https://access.redhat.com/errata/RHSA-2022:8532
reference_id	RHSA-2022:8532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8532

reference_url	https://access.redhat.com/errata/RHSA-2023:1486
reference_id	RHSA-2023:1486
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1486

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

reference_id

TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:50:02Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/

reference_url	https://usn.ubuntu.com/6682-1/
reference_id	USN-6682-1
reference_type
scores
url	https://usn.ubuntu.com/6682-1/

fixed_packages

aliases

CVE-2022-24790, GHSA-h99w-9q5r-gjq9

risk_score

4.5

exploitability

0.5

weighted_severity

9.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-y1y1-3d8u-yud7

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:gem/gitlab-puma@4.3.3.gitlab.2

Package Instance