ADVISORIES
GEM
SEVERITY
CVSS v3.x: 7.5 (High)
PATCHED VERSIONS
- ~> 3.12.5
- >= 4.3.4
DESCRIPTION
Impact
By using an invalid transfer-encoding header, an attacker could smuggle an HTTP response.
Patches
The problem has been fixed in Puma 3.12.5 and Puma 4.3.4.