CVE-2022-24790HTTP Request Smuggling in Puma

CWE-444HTTP Request Smuggling8 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
PumaDebian PumaDebian Linux+1 more
Timeline
PublishedMar 30
Latest updateMar 7

Description

Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDpuma/puma5.0.05.6.4+1
RubyGemspuma/puma5.0.05.6.4+1
debiandebian/puma< puma 5.6.4-1 (bookworm)
Debianpuma/puma< 4.3.8-1+deb11u2+3
Ubuntupuma/puma< 3.12.4-1ubuntu2+esm1+1

Also affects: Debian Linux 10.0, 11.0, Fedora 35, 36, 37

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
puma vulnerabilities2024-03-07
OSV
CVE-2022-24790: Puma is a simple, fast, multi-threaded, parallel HTTP 12022-03-30
GHSA
Puma vulnerable to HTTP Request Smuggling2022-03-30
OSV
Puma vulnerable to HTTP Request Smuggling2022-03-30

📋Vendor Advisories

3
Ubuntu
Puma vulnerabilities2024-03-07
Red Hat
puma-5.6.4: http request smuggling vulnerabilities2022-03-30
Debian
CVE-2022-24790: puma - Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack a...2022