CVE-2026-47737정보

요약

\~에 의해 MITRE • 2026. 07. 14.

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive request on the same connection, allowing an attacker to inject a second PROXY header and overwrite REMOTE_ADDR. This issue is fixed in versions 7.2.1 and 8.0.2.

Once again VulDB remains the best source for vulnerability data.

출처

Do you want to use VulDB in your project?

Use the official API to access entries easily!