[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2022-24790":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":28,"duplicate_of":9,"upstream":29,"downstream":30,"duplicates":59,"related":60,"reserved_at":9,"published_at":68,"modified_at":69,"state":70,"summary":71,"references_raw":80,"kevs":125,"epss":126,"epss_history":129,"metrics":397,"affected":413},"CVE-2022-24790","Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turn on any and all functionality that ensures the request matches the RFC7230 standard.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request 
Smuggling",[],[],[],[],[31,33,35,37,39,41,43,45,47,49,51,53,55,57],{"_key":32},"RHSA-2022:8532",{"_key":34},"SUSE-SU-2022:3338-1",{"_key":36},"SUSE-SU-2022:3339-1",{"_key":38},"UBUNTU-CVE-2022-24790",{"_key":40},"SUSE-SU-2022:3571-1",{"_key":42},"OPENSUSE-SU-2024:12032-1",{"_key":44},"OPENSUSE-SU-2024:12592-1",{"_key":46},"OPENSUSE-SU-2024:13166-1",{"_key":48},"OPENSUSE-SU-2024:13721-1",{"_key":50},"DLA-3083-1",{"_key":52},"DSA-5146-1",{"_key":54},"RHSA-2023:1486",{"_key":56},"USN-6682-1",{"_key":58},"DEBIAN-CVE-2022-24790",[],[61,62,63,64,65,66,67],{"_key":34},{"_key":36},{"_key":40},{"_key":42},{"_key":44},{"_key":46},{"_key":48},"2022-03-30T21:50:09.000Z","2025-04-23T18:43:11.083Z","Modified",{"cisa_kev":72,"cisa_ransomware":72,"cisa_vendor":9,"epss_severity":73,"epss_score":74,"severity":75,"severity_score":76,"severity_version":77,"severity_source":78,"severity_vector":79,"severity_status":70},false,"low",0.00417,"critical",9.1,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",[81,89,95,101,106,112,117,121],{"url":82,"sources":83,"tags":85},"https://github.com/puma/puma/security/advisories/GHSA-h99w-9q5r-gjq9",[78,84],"nvd",[86,87,88],"X Refsource CONFIRM","Issue Tracking","Third Party Advisory",{"url":90,"sources":91,"tags":92},"https://github.com/puma/puma/commit/5bb7d202e24dec00a898dca4aa11db391d7787a5",[78,84],[93,94,88],"X Refsource MISC","Patch",{"url":96,"sources":97,"tags":98},"https://www.debian.org/security/2022/dsa-5146",[78,84],[99,100,88],"Vendor Advisory","X Refsource DEBIAN",{"url":102,"sources":103,"tags":104},"https://security.gentoo.org/glsa/202208-28",[78,84],[99,105,88],"X Refsource GENTOO",{"url":107,"sources":108,"tags":109},"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html",[78,84],[110,111,88],"Mailing List","X Refsource 
MLIST",{"url":113,"sources":114,"tags":115},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUBFJ44NCKJ34LECZRAP4N5VL6USJSIB/",[78,84],[99,116],"X Refsource FEDORA",{"url":118,"sources":119,"tags":120},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7NESIBFCNSR3XH7LXDPKVMSUBNUB43G/",[78,84],[99,116],{"url":122,"sources":123,"tags":124},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6YWGIIKL7KKTS3ZOAYMYPC7D6WQ5OA5/",[78,84],[99,116],[],{"date":127,"score":74,"percentile":128},"2026-06-04",0.62098,[130,134,137,140,143,146,149,152,155,158,161,164,167,169,171,175,178,181,184,187,190,193,196,200,203,206,209,212,215,218,221,224,227,230,233,236,239,242,245,248,251,254,257,259,262,265,268,271,274,278,281,284,287,290,294,297,299,302,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,352,355,358,361,363,366,369,372,375,378,381,384,386,389,391,394],{"date":131,"score":132,"percentile":133},"2025-11-04",0.00514,0.65699,{"date":135,"score":132,"percentile":136},"2025-11-05",0.65678,{"date":138,"score":132,"percentile":139},"2025-11-06",0.65675,{"date":141,"score":132,"percentile":142},"2025-11-07",0.65686,{"date":144,"score":132,"percentile":145},"2025-11-08",0.65684,{"date":147,"score":132,"percentile":148},"2025-11-09",0.65673,{"date":150,"score":132,"percentile":151},"2025-11-10",0.65663,{"date":153,"score":132,"percentile":154},"2025-11-11",0.65671,{"date":156,"score":132,"percentile":157},"2025-11-12",0.65693,{"date":159,"score":132,"percentile":160},"2025-11-13",0.65703,{"date":162,"score":132,"percentile":163},"2025-11-14",0.65711,{"date":165,"score":132,"percentile":166},"2025-11-15",0.65708,{"date":168,"score":132,"percentile":160},"2025-11-16",{"date":170,"score":132,"percentile":160},"2025-11-17",{"date":172,"score":173,"percentile":174},"2025-11-18",0.03006,0.8536,{"date":176,"score":173,"percentile":177
},"2025-11-19",0.85361,{"date":179,"score":173,"percentile":180},"2025-11-20",0.85364,{"date":182,"score":132,"percentile":183},"2025-11-21",0.65718,{"date":185,"score":132,"percentile":186},"2025-11-22",0.65724,{"date":188,"score":132,"percentile":189},"2025-11-23",0.65709,{"date":191,"score":132,"percentile":192},"2025-11-24",0.65695,{"date":194,"score":132,"percentile":195},"2025-11-25",0.65698,{"date":197,"score":198,"percentile":199},"2025-11-26",0.00393,0.59553,{"date":201,"score":198,"percentile":202},"2025-11-27",0.59559,{"date":204,"score":198,"percentile":205},"2025-11-28",0.59534,{"date":207,"score":198,"percentile":208},"2025-11-29",0.59509,{"date":210,"score":198,"percentile":211},"2025-11-30",0.59497,{"date":213,"score":198,"percentile":214},"2025-12-01",0.59646,{"date":216,"score":198,"percentile":217},"2025-12-02",0.59657,{"date":219,"score":198,"percentile":220},"2025-12-03",0.59663,{"date":222,"score":198,"percentile":223},"2025-12-04",0.59498,{"date":225,"score":198,"percentile":226},"2025-12-05",0.59504,{"date":228,"score":198,"percentile":229},"2025-12-06",0.59494,{"date":231,"score":198,"percentile":232},"2025-12-07",0.59486,{"date":234,"score":198,"percentile":235},"2025-12-08",0.59489,{"date":237,"score":198,"percentile":238},"2025-12-09",0.59523,{"date":240,"score":198,"percentile":241},"2025-12-10",0.59572,{"date":243,"score":198,"percentile":244},"2025-12-11",0.59592,{"date":246,"score":198,"percentile":247},"2025-12-12",0.59609,{"date":249,"score":198,"percentile":250},"2025-12-13",0.5961,{"date":252,"score":198,"percentile":253},"2025-12-14",0.59604,{"date":255,"score":198,"percentile":256},"2025-12-15",0.59579,{"date":258,"score":198,"percentile":253},"2025-12-16",{"date":260,"score":198,"percentile":261},"2025-12-17",0.5962,{"date":263,"score":198,"percentile":264},"2025-12-18",0.59658,{"date":266,"score":198,"percentile":267},"2025-12-19",0.5967,{"date":269,"score":198,"percentile":270},"2025-12-20",0.59671,{"date":272,"score":198,"pe
rcentile":273},"2025-12-21",0.5966,{"date":275,"score":276,"percentile":277},"2025-12-22",0.00427,0.61823,{"date":279,"score":276,"percentile":280},"2025-12-23",0.6184,{"date":282,"score":276,"percentile":283},"2025-12-24",0.61848,{"date":285,"score":276,"percentile":286},"2025-12-25",0.61878,{"date":288,"score":276,"percentile":289},"2025-12-26",0.61874,{"date":291,"score":292,"percentile":293},"2025-12-27",0.00359,0.57636,{"date":295,"score":276,"percentile":296},"2025-12-28",0.61849,{"date":298,"score":276,"percentile":283},"2025-12-29",{"date":300,"score":276,"percentile":301},"2025-12-30",0.61865,{"date":303,"score":292,"percentile":304},"2025-12-31",0.57579,{"date":306,"score":292,"percentile":307},"2026-01-01",0.57752,{"date":309,"score":292,"percentile":310},"2026-01-02",0.57733,{"date":312,"score":292,"percentile":313},"2026-01-03",0.57731,{"date":315,"score":292,"percentile":316},"2026-01-04",0.57555,{"date":318,"score":292,"percentile":319},"2026-01-05",0.57545,{"date":321,"score":292,"percentile":322},"2026-01-06",0.57556,{"date":324,"score":292,"percentile":325},"2026-01-07",0.57584,{"date":327,"score":292,"percentile":328},"2026-01-08",0.57605,{"date":330,"score":292,"percentile":331},"2026-01-09",0.5761,{"date":333,"score":292,"percentile":334},"2026-01-10",0.57607,{"date":336,"score":292,"percentile":337},"2026-01-11",0.57591,{"date":339,"score":292,"percentile":340},"2026-01-12",0.57554,{"date":342,"score":292,"percentile":343},"2026-01-13",0.57533,{"date":345,"score":292,"percentile":346},"2026-01-14",0.57577,{"date":348,"score":292,"percentile":349},"2026-01-15",0.5758,{"date":351,"score":292,"percentile":328},"2026-01-16",{"date":353,"score":292,"percentile":354},"2026-01-17",0.57594,{"date":356,"score":292,"percentile":357},"2026-01-18",0.57586,{"date":359,"score":292,"percentile":360},"2026-01-19",0.57573,{"date":362,"score":292,"percentile":304},"2026-01-20",{"date":364,"score":292,"percentile":365},"2026-01-21",0.57585,{"date":367,"score":292
,"percentile":368},"2026-01-22",0.57583,{"date":370,"score":292,"percentile":371},"2026-01-23",0.57621,{"date":373,"score":292,"percentile":374},"2026-01-24",0.57628,{"date":376,"score":292,"percentile":377},"2026-01-25",0.5759,{"date":379,"score":292,"percentile":380},"2026-01-26",0.57575,{"date":382,"score":292,"percentile":383},"2026-01-27",0.57588,{"date":385,"score":292,"percentile":354},"2026-01-28",{"date":387,"score":292,"percentile":388},"2026-01-29",0.57595,{"date":390,"score":292,"percentile":354},"2026-01-30",{"date":392,"score":292,"percentile":393},"2026-01-31",0.57596,{"date":395,"score":292,"percentile":396},"2026-02-01",0.5774,[398,403],{"source":78,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":399,"cvss_v4_0":9},{"baseScore":76,"baseSeverity":400,"vectorString":79,"impactScore":401,"exploitabilityScore":402},"CRITICAL",8.7,10,{"source":84,"cvss_v2_0":404,"cvss_v3_0":9,"cvss_v3_1":408,"cvss_v4_0":9},{"baseScore":405,"baseSeverity":9,"vectorString":406,"impactScore":407,"exploitabilityScore":402},5,"AV:N/AC:L/Au:N/C:N/I:P/A:N",2.9,{"baseScore":409,"baseSeverity":410,"vectorString":411,"impactScore":412,"exploitabilityScore":402},7.5,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",6,[414,425,435],{"ecosystem":9,"name":415,"vendor":416,"product":417,"cpe_part":418,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":419},"debian 
linux","debian","debian_linux","o",[420,423],{"version":421,"is_range":72,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"10.0","cpe",{"version":424,"is_range":72,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"11.0",{"ecosystem":9,"name":426,"vendor":427,"product":426,"cpe_part":418,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":428},"fedora","fedoraproject",[429,431,433],{"version":430,"is_range":72,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"35",{"version":432,"is_range":72,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"version":434,"is_range":72,"range_type":422,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":9,"name":436,"vendor":436,"product":436,"cpe_part":437,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":438},"puma","a",[439,444],{"version":440,"is_range":441,"range_type":422,"version_start":9,"version_start_type":9,"version_end":442,"version_end_type":443,"fixed_in":9},"lt4.3.12",true,"4.3.12","excluding",{"version":445,"is_range":441,"range_type":422,"version_start":446,"version_start_type":447,"version_end":448,"version_end_type":443,"fixed_in":9},"gte5.0.0_lt5.6.4","5.0.0","including","5.6.4"]