vulnerability

SUSE: CVE-2024-21647: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	Oct 16, 2024	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

Oct 16, 2024

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

Solutions

suse-upgrade-ruby2-5-rubygem-pumasuse-upgrade-ruby2-5-rubygem-puma-doc

References

CVE-2024-21647
https://attackerkb.com/topics/CVE-2024-21647
CWE-444

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today