Read Time:20 Second
USN-7031-1 fixed CVE-2024-45614 in Puma for Ubuntu 24.04 LTS.
This update fixes the CVE for Ubuntu 22.04 LTS and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that Puma incorrectly handled parsing certain headers.
A remote attacker could possibly use this issue to overwrite header values
set by intermediate proxies by providing duplicate headers containing
underscore characters.