CVSS v3: 8.8
CVSS v2: 6.8
- ~> 3.12.2
- >= 4.3.1
A poorly-behaved client could use keepalive requests to monopolize Puma’s reactor and create a denial of service attack.
If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.