CVE-2021-41136

NameCVE-2021-41136
DescriptionPuma is a HTTP 1.1 server for Ruby/Rack applications. Prior to version ...
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-5146-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
puma (PTS)buster3.12.0-2+deb10u2vulnerable
bullseye4.3.8-1vulnerable
bullseye (security)4.3.8-1+deb11u2fixed
bookworm, sid5.6.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pumasourcebullseye4.3.8-1+deb11u2DSA-5146-1
pumasource(unstable)5.5.2-1

Notes

[stretch] - puma <no-dsa> (Minor issue)
https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f

Search for package or bug name: Reporting problems