GEM
SEVERITY
CVSS v3.x: 8.8 (High)
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
- ~> 3.12.2
- >= 4.3.1
DESCRIPTION
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack.
If more keepalive connections to Puma are opened than there are threads available, and the attacker keeps sending requests on them frequently enough, any additional connections wait indefinitely and are never served.
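A defender's first question is whether a deployed application pins a puma version inside the patched ranges above. The following Ruby script is an added example (not part of the advisory) that reads the `puma (x.y.z)` entry from a Gemfile.lock and evaluates it against the advisory's two constraints with `Gem::Requirement`; the lock-file fragments are constructed for the demo.

```ruby
# Added example: check a Gemfile.lock against this advisory's patched ranges.
require "rubygems"

# Patched version constraints, copied from the advisory above.
PATCHED_PUMA = ["~> 3.12.2", ">= 4.3.1"].freeze

# Returns the pinned puma version found in Gemfile.lock text, or nil.
# Bundler lists resolved gems under GEM/specs as "    puma (4.3.0)";
# dependency lines carry a constraint ("puma (~> 4.0)") and are skipped.
def puma_version_from_lock(lock_text)
  lock_text.each_line do |line|
    m = line.match(/\A\s+puma \((\d+(?:\.\d+)*)\)\s*\z/)
    return m[1] if m
  end
  nil
end

# A version is patched if it satisfies any one of the advisory's ranges
# (Gem::Requirement implements the ~> and >= operators).
def puma_patched?(version)
  v = Gem::Version.new(version)
  PATCHED_PUMA.any? { |req| Gem::Requirement.new(req).satisfied_by?(v) }
end

# Returns :patched, :vulnerable, or :absent (puma not pinned at all).
def assess_lock(lock_text)
  version = puma_version_from_lock(lock_text)
  return :absent unless version
  puma_patched?(version) ? :patched : :vulnerable
end

# Constructed sample lock fragments (hypothetical projects, not real ones).
VULNERABLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      nio4r (2.5.2)
      puma (4.3.0)
        nio4r (~> 2.0)
LOCK

PATCHED_LOCK = VULNERABLE_LOCK.sub("puma (4.3.0)", "puma (4.3.1)")

if __FILE__ == $PROGRAM_NAME
  puts "sample 1: #{assess_lock(VULNERABLE_LOCK)}"  # vulnerable
  puts "sample 2: #{assess_lock(PATCHED_LOCK)}"     # patched
end
```

Note that a dependency-only line such as `puma (~> 4.0)` is deliberately ignored, so a project that never resolved puma reports `:absent` rather than a false pass.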