CVE-2022-24790: Puma vulnerable to HTTP Request Smuggling
CVSS Score (v3.1): 9.1
Basic Information
CVE ID: CVE-2022-24790
GHSA ID:
EPSS Score: 0.60534%
CWE:
Published: 3/30/2022
Updated: 5/4/2023
KEV Status: No
Technology: Ruby
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| puma | rubygems | >= 5.0.0, < 5.6.4 | 5.6.4 |
| puma | rubygems | < 4.3.12 | 4.3.12 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability stems from lenient parsing in Puma's HTTP header and body handling. The fix commit tightens the parsing functions it touches in three ways: it validates Transfer-Encoding values (rejecting unknown encodings and requiring 'chunked' to be the last encoding listed), it restricts Content-Length to digit-only values, and it validates chunk sizes and chunk terminators when decoding a chunked body. Those parsing paths implemented the lenient behaviors described in CVE-2022-24790, so they are the points of failure; a lenient parser that disagrees with an upstream proxy about where one request ends and the next begins is what makes request smuggling possible.
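The three validations the root cause analysis lists, written out as an added, stand-alone Ruby example; this is illustrative code, not Puma's parser or any code from the fix commit. It assumes the caller has already split the request line and headers into a hash with lowercased header names, and it uses an assumed allowlist of transfer codings (the names registered by RFC 7230). The framing decision deliberately rejects a request carrying both Transfer-Encoding and Content-Length rather than picking one, so that this server and any proxy in front of it cannot disagree about where the body ends.

```ruby
# Added example (not Puma's code): strict HTTP/1.1 body-framing checks
# modelled on the three validations described for the CVE-2022-24790 fix.
# Assumption: header names in the hash are already lowercased.

class FramingError < StandardError; end

# Assumed allowlist of transfer codings (RFC 7230 registered names).
KNOWN_CODINGS = %w[chunked compress deflate gzip identity].freeze

# Returns the list of codings, or raises when any coding is unknown or
# "chunked" is present but not the final coding (the only position allowed).
def validate_transfer_encoding(value)
  codings = value.split(",").map { |c| c.strip.downcase }
  raise FramingError, "empty Transfer-Encoding" if codings.empty? || codings.any?(&:empty?)
  unknown = codings - KNOWN_CODINGS
  raise FramingError, "unknown transfer coding: #{unknown.first}" unless unknown.empty?
  if codings.include?("chunked") && codings.last != "chunked"
    raise FramingError, "chunked must be the last transfer coding"
  end
  codings
end

# Returns the length as an Integer; only ASCII digits are accepted, so values
# such as "4 2", "+42" or "0x10" are rejected instead of being coerced.
def validate_content_length(value)
  raise FramingError, "malformed Content-Length: #{value.inspect}" unless value.match?(/\A\d+\z/)
  Integer(value, 10)
end

# Decides how the body is delimited: :chunked, or [:length, n].
# The ambiguous case (both headers present) is rejected outright.
def body_framing(headers)
  te = headers["transfer-encoding"]
  cl = headers["content-length"]
  raise FramingError, "both Transfer-Encoding and Content-Length present" if te && cl
  if te
    codings = validate_transfer_encoding(te)
    raise FramingError, "Transfer-Encoding without chunked cannot delimit a body" unless codings.last == "chunked"
    :chunked
  elsif cl
    [:length, validate_content_length(cl)]
  else
    [:length, 0]
  end
end

# Decodes a chunked body, requiring every size line to be plain hex digits
# (no extensions, no stray whitespace) and every chunk to end in exactly CRLF.
# Returns the decoded body as a binary string.
def decode_chunked(raw)
  raw = raw.b
  body = "".b
  pos = 0
  loop do
    nl = raw.index("\r\n", pos)
    raise FramingError, "missing CRLF after chunk size" unless nl
    size_line = raw.byteslice(pos...nl)
    raise FramingError, "bad chunk size: #{size_line.inspect}" unless size_line.match?(/\A[0-9a-fA-F]{1,16}\z/)
    size = size_line.to_i(16)
    pos = nl + 2
    if size.zero?
      # Last chunk: must be followed immediately by the terminating CRLF.
      raise FramingError, "missing final CRLF" unless raw.byteslice(pos, 2) == "\r\n"
      return body
    end
    chunk = raw.byteslice(pos, size)
    raise FramingError, "truncated chunk" unless chunk && chunk.bytesize == size
    body << chunk
    pos += size
    raise FramingError, "chunk not terminated by CRLF" unless raw.byteslice(pos, 2) == "\r\n"
    pos += 2
  end
end
```

Each function returns a value on success and raises FramingError otherwise, so a server loop can treat any exception as "close the connection" rather than guessing at the request boundary. Chunk extensions and trailers are rejected here for simplicity; a production parser that supports them still needs the same hex-digit and CRLF checks.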