Sha256: 90cc2a0854f24f3b2af5e4d861af563393d477bcad4bdae122f862f481264fe8

Contents?: true

Size: 589 Bytes

Versions: 1

Compression:

Stored size: 589 Bytes

Contents

---
gem: puma
cve: 2019-16770
ghsa: 7xx3-m584-x994
url: https://github.com/puma/puma/security/advisories/GHSA-7xx3-m584-x994
date: 2019-12-05
title: Keepalive thread overload/DoS in puma
description: |
  A poorly-behaved client could use keepalive requests to monopolize
  Puma's reactor and create a denial of service attack.

  If more keepalive connections to Puma are opened than there are
  threads available, additional connections will wait permanently if
  the attacker sends requests frequently enough.

cvss_v3: 8.8
cvss_v2: 6.8

patched_versions:
  - "~> 3.12.2"
  - ">= 4.3.1"

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/puma/CVE-2019-16770.yml