Pascal Ernster authored
This fixes the following security vulnerabilities:

Name: puma
Version: 3.12.6
CVE: CVE-2021-29509
GHSA: GHSA-q28m-8xjw-8vr5
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Title: Keepalive Connections Causing Denial Of Service in puma
Solution: update to '~> 4.3.8', '>= 5.3.1'

Name: puma
Version: 3.12.6
CVE: CVE-2021-41136
GHSA: GHSA-48w2-rm65-62xx
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Title: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Solution: update to '~> 4.3.9', '>= 5.5.1'

Name: puma
Version: 3.12.6
CVE: CVE-2022-23634
GHSA: GHSA-rmj8-8hhh-gv5h
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h
Title: Information Exposure with Puma when used with Rails
Solution: update to '~> 4.3.11', '>= 5.6.2'

Name: puma
Version: 3.12.6
CVE: CVE-2022-24790
GHSA: GHSA-h99w-9q5r-gjq9
Criticality: Critical
URL: https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9
Title: HTTP Request Smuggling in puma
Solution: update to '~> 4.3.12', '>= 5.6.4'

Name: puma
Version: 3.12.6
CVE: CVE-2023-40175
GHSA: GHSA-68xg-gqqm-vgj8
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-68xg-gqqm-vgj8
Title: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in puma
Solution: update to '~> 5.6.7', '>= 6.3.1'

Name: puma
Version: 3.12.6
CVE: CVE-2024-21647
GHSA: GHSA-c2f4-cvqm-65w2
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2
Title: Puma HTTP Request/Response Smuggling vulnerability
Solution: update to '~> 5.6.8', '>= 6.4.2'

Name: puma
Version: 3.12.6
CVE: CVE-2024-45614
GHSA: GHSA-9hf4-67fc-4vf4
Criticality: Medium
URL: https://github.com/puma/puma/security/advisories/GHSA-9hf4-67fc-4vf4
Title: Puma's header normalization allows for client to clobber proxy set headers
Solution: update to '~> 5.6.9', '>= 6.4.3'

Signed-off-by: Pascal Ernster <pascal.ernster@rub.de>
da79ada7