Ruby/puma/5.6.7

Puma is a simple, fast, threaded, and highly parallel HTTP 1.1 server for Ruby/Rack applications. Puma is intended for use in both development and production environments. It's great for highly parallel Ruby implementations such as Rubinius and JRuby as well as as providing process worker support to support CRuby well.

Repo Link: https://rubygems.org/gems/puma
License: BSD-3-Clause

1 Security Vulnerabilities

Puma HTTP Request/Response Smuggling vulnerability

Published date: 2024-01-08T15:56:48Z

CVE: CVE-2024-21647

Links:

Impact

Prior to versions 6.4.2 and 5.6.8, puma exhibited dangerous behavior when parsing chunked transfer encoding bodies.

Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption.

Patches

The vulnerability has been fixed in 6.4.2 and 5.6.8.

Workarounds

No known workarounds.

References

HTTP Request Smuggling
Open an issue in Puma
See our security policy

Affected versions: ["5.0.4", "5.0.3", "5.0.2", "5.0.1", "5.0.0", "5.0.0.beta2", "5.0.0.beta1", "4.3.6", "4.3.5", "4.3.4", "4.3.3", "4.3.1", "4.3.0", "4.2.1", "4.2.0", "4.1.1", "4.1.0", "4.0.1", "4.0.0", "3.12.6", "3.12.5", "3.12.4", "3.12.2", "3.12.1", "3.12.0", "3.11.4", "3.11.3", "3.11.2", "3.11.1", "3.11.0", "3.10.0", "3.9.1", "3.9.0", "3.8.2", "3.8.1", "3.8.0", "3.7.1", "3.7.0", "3.6.2", "3.6.1", "3.6.0", "3.5.2", "3.5.1", "3.5.0", "3.4.0", "3.3.0", "3.2.0", "3.1.1", "3.1.0", "3.0.2", "3.0.1", "3.0.0", "3.0.0.rc1", "2.16.0", "2.15.3", "2.15.2", "2.15.1", "2.15.0", "2.14.0", "2.13.4", "2.13.3", "2.13.2", "2.13.1", "2.13.0", "2.12.3", "2.12.2", "2.12.1", "2.12.0", "2.11.3", "2.11.2", "2.11.1", "2.11.0", "2.10.2", "2.10.1", "2.10.0", "2.9.2", "2.9.1", "2.9.0", "2.8.2", "2.8.1", "2.8.0", "2.7.1", "2.7.0", "2.6.0", "2.5.1", "2.5.0", "2.4.1", "2.4.0", "2.3.2", "2.3.1", "2.3.0", "2.2.2", "2.2.1", "2.2.0", "2.1.1", "2.1.0", "2.0.1", "2.0.0", "2.0.0.b7", "2.0.0.b6", "2.0.0.b5", "2.0.0.b4", "2.0.0.b3", "2.0.0.b2", "2.0.0.b1", "1.6.3", "1.6.2", "1.6.1", "1.6.0", "1.5.0", "1.4.0", "1.3.1", "1.3.0", "1.2.2", "1.2.1", "1.2.0", "1.1.1", "1.1.0", "1.0.0", "0.9.5", "0.9.4", "0.9.3", "0.9.2", "0.9.1", "0.9.0", "0.8.2", "0.8.1", "0.8.0", "5.1.0", "4.3.7", "5.1.1", "5.2.0", "5.2.1", "5.2.2", "5.3.0", "5.3.1", "4.3.8", "5.3.2", "5.4.0", "5.5.0", "5.5.1", "4.3.9", "5.5.2", "4.3.10", "5.6.0", "5.6.1", "5.6.2", "4.3.11", "5.6.4", "4.3.12", "5.6.5", "5.6.6", "5.6.7", "6.0.0", "6.0.1", "6.0.2", "6.1.0", "6.1.1", "6.2.1", "6.2.0", "6.2.2", "6.3.0", "6.3.1", "6.4.0", "6.4.1"]

Secure versions: [5.6.8, 6.4.3, 5.6.9]

Recommendation: Update to version 6.4.3.

169 Other Versions

Version	License	Security	Released
6.4.3	BSD-3-Clause		2024-09-19 - 05:50	2 days
6.4.2	BSD-3-Clause	1	2024-01-08 - 05:57	9 months
6.4.1	BSD-3-Clause	3	2024-01-03 - 00:05	9 months
6.4.0	BSD-3-Clause	3	2023-09-21 - 04:15	about 1 year
6.3.1	BSD-3-Clause	3	2023-08-18 - 01:22	about 1 year
6.3.0	BSD-3-Clause	5	2023-05-31 - 07:16	over 1 year
6.2.2	BSD-3-Clause	5	2023-04-17 - 22:44	over 1 year
6.2.1	BSD-3-Clause	5	2023-03-31 - 06:53	over 1 year
6.2.0	BSD-3-Clause	5	2023-03-29 - 06:55	over 1 year
6.1.1	BSD-3-Clause	5	2023-02-28 - 07:40	over 1 year
6.1.0	BSD-3-Clause	5	2023-02-12 - 04:58	over 1 year
6.0.2	BSD-3-Clause	5	2023-01-01 - 22:04	over 1 year
6.0.1	BSD-3-Clause	5	2022-12-20 - 20:21	almost 2 years
6.0.0	BSD-3-Clause	5	2022-10-14 - 02:33	almost 2 years
5.6.9	BSD-3-Clause		2024-09-19 - 05:41	2 days
5.6.8	BSD-3-Clause		2024-01-08 - 06:09	9 months
5.6.7	BSD-3-Clause	1	2023-08-18 - 05:58	about 1 year
5.6.6	BSD-3-Clause	1	2023-06-21 - 02:59	over 1 year
5.6.5	BSD-3-Clause	1	2022-08-23 - 06:04	about 2 years
5.6.4	BSD-3-Clause	1	2022-03-30 - 16:15	over 2 years
5.6.2	BSD-3-Clause	3	2022-02-11 - 21:17	over 2 years
5.6.1	BSD-3-Clause	5	2022-01-27 - 00:40	over 2 years
5.6.0	BSD-3-Clause	5	2022-01-25 - 21:21	over 2 years
5.5.2	BSD-3-Clause	9	2021-10-12 - 23:08	almost 3 years
5.5.1	BSD-3-Clause	9	2021-10-12 - 15:11	almost 3 years
5.5.0	BSD-3-Clause	11	2021-09-19 - 20:09	about 3 years
5.4.0	BSD-3-Clause	11	2021-07-29 - 14:31	about 3 years
5.3.2	BSD-3-Clause	11	2021-05-21 - 17:17	over 3 years
5.3.1	BSD-3-Clause	11	2021-05-11 - 14:56	over 3 years
5.3.0	BSD-3-Clause	13	2021-05-07 - 15:01	over 3 years
5.2.2	BSD-3-Clause	13	2021-03-02 - 16:08	over 3 years
5.2.1	BSD-3-Clause	13	2021-02-05 - 22:28	over 3 years
5.2.0	BSD-3-Clause	13	2021-01-27 - 20:43	over 3 years
5.1.1	BSD-3-Clause	13	2020-12-10 - 15:28	almost 4 years
5.1.0	BSD-3-Clause	13	2020-11-30 - 17:33	almost 4 years
5.0.4	BSD-3-Clause	13	2020-10-27 - 14:18	almost 4 years
5.0.3	BSD-3-Clause	13	2020-10-26 - 13:05	almost 4 years
5.0.2	BSD-3-Clause	13	2020-09-28 - 15:19	almost 4 years
5.0.1	BSD-3-Clause	13	2020-09-28 - 13:48	almost 4 years
5.0.0	BSD-3-Clause	13	2020-09-17 - 17:06	about 4 years
5.0.0.beta2	BSD-3-Clause	9	2020-09-05 - 22:28	about 4 years
5.0.0.beta1	BSD-3-Clause	9	2020-05-12 - 01:49	over 4 years
4.3.12	BSD-3-Clause	5	2022-03-30 - 16:14	over 2 years
4.3.11	BSD-3-Clause	6	2022-02-11 - 21:21	over 2 years
4.3.10	BSD-3-Clause	7	2021-10-12 - 23:15	almost 3 years
4.3.9	BSD-3-Clause	7	2021-10-12 - 15:13	almost 3 years
4.3.8	BSD-3-Clause	8	2021-05-11 - 14:54	over 3 years
4.3.7	BSD-3-Clause	9	2020-11-30 - 16:54	almost 4 years
4.3.6	BSD-3-Clause	9	2020-09-05 - 21:12	about 4 years
4.3.5	BSD-3-Clause	9	2020-05-19 - 22:43	over 4 years
4.3.4	BSD-3-Clause	11	2020-05-19 - 00:09	over 4 years
4.3.3	BSD-3-Clause	13	2020-02-28 - 19:23	over 4 years
4.3.1	BSD-3-Clause	17	2019-12-05 - 07:38	almost 5 years
4.3.0	BSD-3-Clause	19	2019-11-07 - 21:05	almost 5 years
4.2.1	BSD-3-Clause	23	2019-10-07 - 09:44	almost 5 years
4.2.0	BSD-3-Clause	23	2019-09-23 - 09:25	almost 5 years
4.1.1	BSD-3-Clause	23	2019-09-09 - 12:20	about 5 years
4.1.0	BSD-3-Clause	23	2019-08-08 - 19:55	about 5 years
4.0.1	BSD-3-Clause	23	2019-07-11 - 17:52	about 5 years
4.0.0	BSD-3-Clause	23	2019-06-25 - 17:46	about 5 years
3.12.6	BSD-3-Clause	13	2020-05-19 - 22:43	over 4 years
3.12.5	BSD-3-Clause	14	2020-05-19 - 00:08	over 4 years
3.12.4	BSD-3-Clause	15	2020-02-28 - 19:49	over 4 years
3.12.2	BSD-3-Clause	17	2019-12-05 - 07:43	almost 5 years
3.12.1	BSD-3-Clause	18	2019-03-19 - 18:07	over 5 years
3.12.0	BSD-3-Clause	18	2018-07-13 - 16:10	about 6 years
3.11.4	BSD-3-Clause	23	2018-04-12 - 19:40	over 6 years
3.11.3	BSD-3-Clause	23	2018-03-06 - 05:42	over 6 years
3.11.2	BSD-3-Clause	23	2018-01-19 - 19:24	over 6 years
3.11.1	BSD-3-Clause	23	2018-01-19 - 04:49	over 6 years
3.11.0	BSD-3-Clause	23	2017-11-20 - 16:29	almost 7 years
3.10.0	BSD-3-Clause	23	2017-08-17 - 19:25	about 7 years
3.9.1	BSD-3-Clause	23	2017-06-03 - 14:04	over 7 years
3.9.0	BSD-3-Clause	23	2017-06-01 - 15:40	over 7 years
3.8.2	BSD-3-Clause	23	2017-03-14 - 17:57	over 7 years
3.8.1	BSD-3-Clause	23	2017-03-10 - 17:20	over 7 years
3.8.0	BSD-3-Clause	23	2017-03-09 - 22:28	over 7 years
3.7.1	BSD-3-Clause	23	2017-02-20 - 15:19	over 7 years
3.7.0	BSD-3-Clause	23	2017-01-28 - 00:36	over 7 years
3.6.2	BSD-3-Clause	23	2016-11-22 - 23:57	almost 8 years
3.6.1	BSD-3-Clause	23	2016-11-21 - 19:08	almost 8 years
3.6.0	BSD-3-Clause	23	2016-07-25 - 05:18	about 8 years
3.5.2	BSD-3-Clause	23	2016-07-20 - 17:59	about 8 years
3.5.1	BSD-3-Clause	23	2016-07-20 - 17:55	about 8 years
3.5.0	BSD-3-Clause	23	2016-07-19 - 05:08	about 8 years
3.4.0	BSD-3-Clause	23	2016-04-07 - 22:07	over 8 years
3.3.0	BSD-3-Clause	23	2016-04-05 - 16:29	over 8 years
3.2.0	BSD-3-Clause	23	2016-03-20 - 21:21	over 8 years
3.1.1	BSD-3-Clause	23	2016-03-18 - 04:33	over 8 years
3.1.0	BSD-3-Clause	23	2016-03-06 - 00:34	over 8 years
3.0.2	BSD-3-Clause	23	2016-02-26 - 18:39	over 8 years
3.0.1	BSD-3-Clause	23	2016-02-26 - 03:44	over 8 years
3.0.0	BSD-3-Clause	23	2016-02-25 - 22:25	over 8 years
3.0.0.rc1	BSD-3-Clause	23	2016-02-20 - 01:27	over 8 years
2.16.0	BSD-3-Clause	23	2016-01-28 - 03:58	over 8 years
2.15.3	BSD-3-Clause	23	2015-11-07 - 17:19	almost 9 years
2.15.2	BSD-3-Clause	23	2015-11-06 - 23:35	almost 9 years
2.15.1	BSD-3-Clause	23	2015-11-06 - 23:31	almost 9 years
2.15.0	BSD-3-Clause	23	2015-11-06 - 19:08	almost 9 years
2.14.0	BSD-3-Clause	23	2015-09-18 - 16:57	about 9 years