Risk Scores
CVSS v3.1
8
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| puma | puma | >= 5.0.0, < 5.6.2, < 4.3.11 |
| RubyGems | gitlab-puma | 0, 5.0.0, 0 |
| RubyGems | puma | 0, 5.0.0, 0 |
| puma | puma | >= 5.0.0, < 5.6.2, < 4.3.11, >= 5.0.0, < 5.6.2 |
Timeline
- Feb 11, 2022 CVE Published
- Feb 12, 2022 EPSS Score
- Apr 5, 2022 EPSS Score
- May 26, 2022 EPSS Score
- Sep 8, 2022 EPSS Score
- Oct 30, 2022 EPSS Score
- Dec 20, 2022 EPSS Score
- Feb 10, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
- Sep 5, 2023 EPSS Score
References
- DSA-5146 vendor-advisory x_refsource_DEBIAN
- [debian-lts-announce] 20220525 [SECURITY] [DLA 3023-1] puma security update mailing-list x_refsource_MLIST
- GLSA-202208-28 vendor-advisory x_refsource_GENTOO
- [debian-lts-announce] 20220827 [SECURITY] [DLA 3083-1] puma security update mailing-list x_refsource_MLIST
- FEDORA-2022-de968d1b6c vendor-advisory x_refsource_FEDORA
- FEDORA-2022-52d0032596 vendor-advisory x_refsource_FEDORA
- FEDORA-2022-7c8b29195f vendor-advisory x_refsource_FEDORA
- https://nvd.nist.gov/vuln/detail/CVE-2022-23634 advisory
- https://groups.google.com/g/ruby-security-ann/c/FkTM-_7zSNA/m/K2RiMJBlBAAJ url