vulnerability

Ubuntu: (Multiple Advisories) (CVE-2024-21647): Puma vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:M/Au:N/C:N/I:N/A:C)	Jan 8, 2024	Jan 26, 2024	Mar 27, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:C)

Published

Jan 8, 2024

Added

Jan 26, 2024

Modified

Mar 27, 2026

Description

Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limits the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.

Solution

ubuntu-pro-upgrade-puma

References

CVE-2024-21647
https://attackerkb.com/topics/CVE-2024-21647
CWE-444
EUVD-EUVD-2024-0323
UBUNTU-USN-6597-1
UBUNTU-USN-6682-1
https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-0323

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today