Open dahogenelst opened 2 years ago
https://github.com/locomotivecms/wagon/blob/75383c98d416c07717393689b0c6ea77e1d9ec4e/locomotivecms_wagon.gemspec#L28
Name: puma
Version: 5.0.4
CVE: CVE-2021-41136
GHSA: GHSA-48w2-rm65-62xx
Criticality: Low
URL: https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx
Title: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in puma
Solution: upgrade to ~> 4.3.9, >= 5.5.1

Name: puma
Version: 5.0.4
CVE: CVE-2021-29509
GHSA: GHSA-q28m-8xjw-8vr5
Criticality: High
URL: https://github.com/puma/puma/security/advisories/GHSA-q28m-8xjw-8vr5
Title: Keepalive Connections Causing Denial Of Service in puma
Solution: upgrade to ~> 4.3.8, >= 5.3.1