CVE-2022-23634
PUBLISHED
CVSS 8 HIGH
Information Exposure when using Puma with Rails
EPSS 0.48% · 65.5th percentile
Risk Scores
- CVSS 3.1: 8 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N)
- EPSS Score: 0.48% (65.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| RubyGems | gitlab-puma | 5.0.0, 0, 5.0.0 |
| RubyGems | puma | 0, 5.0.0, 0 |
| puma | puma | *, *, >= 5.0.0, < 5.6.2 |
Timeline
- Feb 11, 2022 CVE Published
- Feb 12, 2022 EPSS Score
- Apr 5, 2022 EPSS Score
- May 28, 2022 EPSS Score
- Sep 10, 2022 EPSS Score
- Nov 2, 2022 EPSS Score
- Dec 24, 2022 EPSS Score
- Feb 14, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 7, 2023 EPSS Score
- Jul 21, 2023 EPSS Score
- Sep 11, 2023 EPSS Score
References
- https://github.com/puma/puma/security/advisories/GHSA-rmj8-8hhh-gv5h url
- https://github.com/puma/puma/commit/b70f451fe8abc0cff192c065d549778452e155bb url
- https://github.com/advisories/GHSA-rmj8-8hhh-gv5h url
- https://github.com/advisories/GHSA-wh98-p28r-vrc9 url
- https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ?utm_medium=email&utm_source=footer&pli=1 url
- DSA-5146 vendor-advisory
- [debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update mailing-list
- GLSA-202208-28 vendor-advisory
- [debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update mailing-list
- FEDORA-2022-de968d1b6c vendor-advisory
- FEDORA-2022-52d0032596 vendor-advisory
- FEDORA-2022-7c8b29195f vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-23634 advisory
- https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ url