{"affected":[{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-puma":"5.6.9-150000.3.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 15 SP3","name":"rubygem-puma","purl":"pkg:rpm/suse/rubygem-puma&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6.9-150000.3.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-puma":"5.6.9-150000.3.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 15 SP4","name":"rubygem-puma","purl":"pkg:rpm/suse/rubygem-puma&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6.9-150000.3.18.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-puma":"5.6.9-150000.3.18.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Availability Extension 15 SP5","name":"rubygem-puma","purl":"pkg:rpm/suse/rubygem-puma&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6.9-150000.3.18.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rubygem-puma fixes the following issues:\n\nUpdate to version 5.6.9.\n\n- CVE-2024-45614: improper header normalization allows for clients to clobber proxy set headers, which can lead to\n  information leaks (bsc#1230848, fixed in an earlier update).\n- CVE-2024-21647: unbounded resource consumption due to invalid parsing of chunked encoding in HTTP/1.1 can lead to\n  denial-of-service attacks (bsc#1218638, fixed in an earlier update)\n- CVE-2023-40175: incorrect behavior when parsing chunked transfer encoding bodies and zero-length Content-Length\n  headers can lead to HTTP request smuggling attacks (bsc#1214425, fixed in an earlier update).\n","id":"SUSE-SU-2025:03466-1","modified":"2025-10-07T11:33:53Z","published":"2025-10-07T11:33:53Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202503466-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1214425"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218638"},{"type":"REPORT","url":"https://bugzilla.suse.com/1230848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40175"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-21647"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-45614"}],"related":["CVE-2023-40175","CVE-2024-21647","CVE-2024-45614"],"summary":"Security update for rubygem-puma","upstream":["CVE-2023-40175","CVE-2024-21647","CVE-2024-45614"]}