
CVE-2022-24790: Puma vulnerable to HTTP Request Smuggling

CVSS Score: 9.1 (CVSS v3.1)

Basic Information

EPSS Score: 0.60534%
Published: 3/30/2022
Updated: 5/4/2023
KEV Status: No
Technology: Ruby

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
puma         | rubygems  | >= 5.0.0, < 5.6.4   | 5.6.4
puma         | rubygems  | < 4.3.12            | 4.3.12

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability stems from lenient parsing logic in Puma's HTTP header and body processing. The fix commit adds three checks to the affected functions: validation of Transfer-Encoding values (rejecting unknown encodings and requiring 'chunked' to be the last encoding listed), a strict digits-only check on Content-Length, and validation of chunk sizes and chunk terminators. These functions directly implemented the lenient parsing behaviour described in CVE-2022-24790, making them the clear points of failure.
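The three checks described above, written out as an added Ruby example; this is not Puma's code, and the list of accepted transfer codings, the helper names and the sample requests are assumptions constructed for illustration.

```ruby
# Added example, not Puma's code. The accepted-codings list and helper names
# are assumptions; the sample inputs used with it are constructed.
class InvalidRequest < StandardError; end

KNOWN_CODINGS = %w[chunked compress deflate gzip identity x-compress x-gzip].freeze

# Transfer-Encoding: every coding must be known and, when "chunked" is
# present, it must be the final coding; anything else is rejected.
def validate_transfer_encoding(value)
  codings = value.split(",").map { |c| c.strip.downcase }
  raise InvalidRequest, "empty Transfer-Encoding" if codings.empty?
  unknown = codings.reject { |c| KNOWN_CODINGS.include?(c) }
  raise InvalidRequest, "unknown coding: #{unknown.first}" unless unknown.empty?
  if codings.include?("chunked") && codings.last != "chunked"
    raise InvalidRequest, "chunked must be the final coding"
  end
  codings
end

# Content-Length: ASCII digits only. A sign, whitespace or hex prefix is
# rejected rather than tolerated, so a proxy and Puma cannot read it differently.
def validate_content_length(value)
  raise InvalidRequest, "bad Content-Length #{value.inspect}" unless value.match?(/\A\d+\z/)
  Integer(value, 10)
end

# Chunked body: each chunk-size line must be hex digits (optional ;extension),
# each chunk must end in exactly CRLF, and the zero-size last chunk must be
# followed by CRLF (trailer fields not supported). Returns the decoded body.
def read_chunked_body(data)
  data = data.b          # work on bytes so offsets and sizes agree
  body = +"".b
  pos = 0
  loop do
    nl = data.index("\r\n", pos)
    raise InvalidRequest, "missing chunk-size line" unless nl
    size_str = data[pos...nl].split(";", 2).first.to_s
    raise InvalidRequest, "bad chunk size #{size_str.inspect}" unless size_str.match?(/\A\h+\z/)
    size = size_str.to_i(16)
    pos = nl + 2
    break if size.zero?
    chunk = data[pos, size]
    raise InvalidRequest, "truncated chunk" if chunk.nil? || chunk.bytesize < size
    raise InvalidRequest, "chunk data not followed by CRLF" unless data[pos + size, 2] == "\r\n"
    body << chunk
    pos += size + 2
  end
  raise InvalidRequest, "missing final CRLF" unless data[pos, 2] == "\r\n"
  body
end
```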


WAF Protection Rules

WAF Rule

When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the
