Puma is an HTTP/1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using Puma
behind a proxy that forwards HTTP header values containing the LF character could allow HTTP request smuggling. A client could smuggle a request through the proxy, causing the proxy to send a response back to another, unknown client. The only proxy known to the Puma team to exhibit this behavior is Apache Traffic Server. If the proxy uses persistent connections and the client appends another request via HTTP pipelining, the proxy may mistake that second request for the body of the first. Puma, however, would see it as two requests, and when processing the second one, would send back a response the proxy does not expect. If the proxy has reused its persistent connection to Puma to send a request on behalf of a different client, the second response intended for the first client is delivered to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with Puma.
{ "vanir_signatures": [ { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "init__puma_parser_trans_keys_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-06475605", "signature_version": "v1", "digest": { "function_hash": "243637905036023402108370435335451280156", "length": 1570.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "init__puma_parser_indicies_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-1815790b", "signature_version": "v1", "digest": { "function_hash": "231985259831941494472444397660298085827", "length": 1228.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Line", "id": "CVE-2021-41136-1e1e247d", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "9396889129896916358032138874074110785", "311465286520304068940016006011601488920", "167090362721002750835148356414983049757", "210175367874060786257694337866683036901", "303536267020037755582791389254378086629", "167468096237305529456352112473757796655", "46686546375678076456070736979209145833", "287438159197284271306067611404777221691", "313395298986914761469300642907912956946", "10907805721791458156427638258550920134", "235078852235054791404305595390422068087", "301829733590196471881980973138085459346", "6830494068489823924323846534513868368", "273403251192835050980742874036073196704", "106716358692935998287351338804956912227", "13160435132862206790850726123907529481", "81920000647311027084755965212579560364", "179321159565694124600161421095415053768", "190096087171031149247373745051785577958", 
"130012521909532506702891256736858506586", "287066351672157090007377371918587650012", "308547901279785755902244110692087366915", "194810186731839820654111825313140219229", "168274068218993397898711231488072321780", "164396275643361289912713190307762986081", "132392431922035805196963481438563150516", "36142573289431553726511593919295078522", "228564216919818154591408362834147002359", "53810814481615067892080340908543653329", "109481634273455535240893536135528122672", "145237950484528447241326083911051622500", "160685398832185260569012532035110250244", "291892045182335662081964041494277815354", "253213347790306840904873851468774765988", "260639083444169750361037222951937641192", "245393427505200441322333117876834885225", "130339952855002738500935563963678865057", "75345493190787162228635623921381490953", "179092965171710655984851522524509488659", "276814666916486805534133320938108040872", "271330542309235225172156696670631253708", "69473545054431078145340848915733352228", "45334952960014861546648619180338348462" ] } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "init__puma_parser_single_lengths_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-282c28b6", "signature_version": "v1", "digest": { "function_hash": "133016932206101390291904218447375377337", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "init__puma_parser_index_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-2b3a664e", "signature_version": "v1", "digest": { "function_hash": "237175404082762165011592881872751229916", "length": 298.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { 
"function": "init__puma_parser_key_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-2c574665", "signature_version": "v1", "digest": { "function_hash": "217904682322388869362996300694645730068", "length": 299.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_index_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-41c49bbe", "signature_version": "v1", "digest": { "function_hash": "237175404082762165011592881872751229916", "length": 298.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_single_lengths_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-4ed34c4a", "signature_version": "v1", "digest": { "function_hash": "133016932206101390291904218447375377337", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_single_lengths_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-4fb9dc19", "signature_version": "v1", "digest": { "function_hash": "133016932206101390291904218447375377337", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_indicies_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-519ec46f", "signature_version": "v1", "digest": { "function_hash": "231985259831941494472444397660298085827", "length": 1228.0 } }, { "deprecated": false, "source": 
"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "puma_parser_execute", "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Function", "id": "CVE-2021-41136-5a4933a0", "signature_version": "v1", "digest": { "function_hash": "242339570277001785773233505373898606720", "length": 20712.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_key_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-6ce9ea72", "signature_version": "v1", "digest": { "function_hash": "217904682322388869362996300694645730068", "length": 299.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_index_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-700de44e", "signature_version": "v1", "digest": { "function_hash": "237175404082762165011592881872751229916", "length": 298.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_range_lengths_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-7035b0cc", "signature_version": "v1", "digest": { "function_hash": "149773232736982746806761284168545343367", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "function": "init__puma_parser_range_lengths_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-7c415444", "signature_version": "v1", "digest": { "function_hash": 
"149773232736982746806761284168545343367", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_indicies_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-9439135a", "signature_version": "v1", "digest": { "function_hash": "231985259831941494472444397660298085827", "length": 1228.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "puma_parser_execute", "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Function", "id": "CVE-2021-41136-97af8335", "signature_version": "v1", "digest": { "function_hash": "148037133648624505747146056367617308611", "length": 20712.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Line", "id": "CVE-2021-41136-9aa63c3e", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "9396889129896916358032138874074110785", "311465286520304068940016006011601488920", "167090362721002750835148356414983049757", "210175367874060786257694337866683036901", "303536267020037755582791389254378086629", "167468096237305529456352112473757796655", "46686546375678076456070736979209145833", "287438159197284271306067611404777221691", "313395298986914761469300642907912956946", "10907805721791458156427638258550920134", "235078852235054791404305595390422068087", "301829733590196471881980973138085459346", "6830494068489823924323846534513868368", "273403251192835050980742874036073196704", "106716358692935998287351338804956912227", "13160435132862206790850726123907529481", "81920000647311027084755965212579560364", "179321159565694124600161421095415053768", "190096087171031149247373745051785577958", 
"130012521909532506702891256736858506586", "287066351672157090007377371918587650012", "308547901279785755902244110692087366915", "194810186731839820654111825313140219229", "168274068218993397898711231488072321780", "164396275643361289912713190307762986081", "132392431922035805196963481438563150516", "36142573289431553726511593919295078522", "228564216919818154591408362834147002359", "53810814481615067892080340908543653329", "109481634273455535240893536135528122672", "145237950484528447241326083911051622500", "160685398832185260569012532035110250244", "291892045182335662081964041494277815354", "253213347790306840904873851468774765988", "260639083444169750361037222951937641192", "245393427505200441322333117876834885225", "130339952855002738500935563963678865057", "75345493190787162228635623921381490953", "179092965171710655984851522524509488659", "276814666916486805534133320938108040872", "271330542309235225172156696670631253708", "69473545054431078145340848915733352228", "45334952960014861546648619180338348462" ] } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Line", "id": "CVE-2021-41136-b3f56ed3", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "169535204697166314504599887187493239918", "273655938431943746795168657165293436918", "290394715900014243820648210123052966839", "57384868397424164691291228658388429664", "334440165041501598307263668985052139287", "54442755231735491292063537313014045142", "44256353263148969445223985142386628115", "199067731773065189421748602564937789339", "233018603693615790232100788979073862225", "132205268161300235858960867206655826236", "189393234271525250819591150634216788389", "193449567862475671725688014743467775431", "114050877613624255895571241244246138466", "221506577987664611990691144997414249622", "32733786905806438668612656585257926599", 
"268190116542837276480417350927784345295", "286687550605576117842376837848713589027", "94975771807507743689815452359118339162", "155269573619398309272863819166066587980", "246417130685718797040779465040792912868", "124866799500248146277930786460945963011", "68066688115136500497341154774442624573", "316688801571060813132282181748415782472", "67520356862490299338318035399864463964", "226420470658690891581058883910589863581", "179378540952110728204029371212539985343", "1714558900664080460424410237586116725", "331202073032960093161101032263643973593", "60189412440982091011596227490287775941", "274532983348094895609674711629694138870", "21277343520638523085753373263321404924", "117666034173828438759087070817081200936", "13129878328287004715151083453924554003", "150096014754807485941879917774536306861", "265832192050034650797653751345371572345", "274978969727915577888455423029699125538", "89780702635697365249987112988112468305", "257255235442378532224578084716734313358", "111813112840830641058752589084828679761", "296744140576722369674231038744686748982", "154421838835199908073742409919462884078", "141149440075306684596418808143330222461", "249938686063927975789191939164824380715", "146685132255778812398231783571574948942", "215598353603797536271660566245940665430", "198626000487045024679403049122395778847", "312453052691082167540978824723242302110", "277199932911301426206805916898617531880", "219901692721736088274666754005299680943", "29752322404042694340142518300671711150", "281314839761543365615258805700239484358", "88073889260487968734519717624387864530", "84456575257557029028732017864000390806", "130719352694483232512063040403590836220", "110343812732896853265432929056682634680" ] } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_trans_keys_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": 
"CVE-2021-41136-bd5b8fcc", "signature_version": "v1", "digest": { "function_hash": "243637905036023402108370435335451280156", "length": 1570.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_key_offsets_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-bf2c01d5", "signature_version": "v1", "digest": { "function_hash": "217904682322388869362996300694645730068", "length": 299.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139", "target": { "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Line", "id": "CVE-2021-41136-c365cd5a", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "169535204697166314504599887187493239918", "273655938431943746795168657165293436918", "290394715900014243820648210123052966839", "57384868397424164691291228658388429664", "334440165041501598307263668985052139287", "54442755231735491292063537313014045142", "44256353263148969445223985142386628115", "199067731773065189421748602564937789339", "233018603693615790232100788979073862225", "132205268161300235858960867206655826236", "189393234271525250819591150634216788389", "193449567862475671725688014743467775431", "114050877613624255895571241244246138466", "221506577987664611990691144997414249622", "32733786905806438668612656585257926599", "268190116542837276480417350927784345295", "286687550605576117842376837848713589027", "94975771807507743689815452359118339162", "155269573619398309272863819166066587980", "246417130685718797040779465040792912868", "124866799500248146277930786460945963011", "68066688115136500497341154774442624573", "316688801571060813132282181748415782472", "67520356862490299338318035399864463964", "226420470658690891581058883910589863581", "179378540952110728204029371212539985343", 
"1714558900664080460424410237586116725", "331202073032960093161101032263643973593", "60189412440982091011596227490287775941", "274532983348094895609674711629694138870", "21277343520638523085753373263321404924", "117666034173828438759087070817081200936", "13129878328287004715151083453924554003", "150096014754807485941879917774536306861", "265832192050034650797653751345371572345", "274978969727915577888455423029699125538", "89780702635697365249987112988112468305", "257255235442378532224578084716734313358", "111813112840830641058752589084828679761", "296744140576722369674231038744686748982", "154421838835199908073742409919462884078", "141149440075306684596418808143330222461", "249938686063927975789191939164824380715", "146685132255778812398231783571574948942", "215598353603797536271660566245940665430", "198626000487045024679403049122395778847", "312453052691082167540978824723242302110", "277199932911301426206805916898617531880", "219901692721736088274666754005299680943", "29752322404042694340142518300671711150", "281314839761543365615258805700239484358", "88073889260487968734519717624387864530", "84456575257557029028732017864000390806", "130719352694483232512063040403590836220", "110343812732896853265432929056682634680" ] } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Line", "id": "CVE-2021-41136-cb67c75b", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "9396889129896916358032138874074110785", "311465286520304068940016006011601488920", "167090362721002750835148356414983049757", "210175367874060786257694337866683036901", "303536267020037755582791389254378086629", "167468096237305529456352112473757796655", "200218194976026091729999881669693044999", "331131113139180822283316071375309716944", "313395298986914761469300642907912956946", "10907805721791458156427638258550920134", 
"235078852235054791404305595390422068087", "301829733590196471881980973138085459346", "6830494068489823924323846534513868368", "253409754725651810909322279440907084445", "107969773022826293090949185385637168376", "13160435132862206790850726123907529481", "81920000647311027084755965212579560364", "179321159565694124600161421095415053768", "190096087171031149247373745051785577958", "130012521909532506702891256736858506586", "287066351672157090007377371918587650012", "308547901279785755902244110692087366915", "194810186731839820654111825313140219229", "168274068218993397898711231488072321780", "164396275643361289912713190307762986081", "132392431922035805196963481438563150516", "36142573289431553726511593919295078522", "228564216919818154591408362834147002359", "53810814481615067892080340908543653329", "109481634273455535240893536135528122672", "145237950484528447241326083911051622500", "160685398832185260569012532035110250244", "291892045182335662081964041494277815354", "253213347790306840904873851468774765988", "260639083444169750361037222951937641192", "245393427505200441322333117876834885225", "130339952855002738500935563963678865057", "75345493190787162228635623921381490953", "179092965171710655984851522524509488659", "276814666916486805534133320938108040872", "271330542309235225172156696670631253708", "69473545054431078145340848915733352228", "45334952960014861546648619180338348462" ] } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "puma_parser_execute", "file": "ext/puma_http11/http11_parser.c" }, "signature_type": "Function", "id": "CVE-2021-41136-d7d284af", "signature_version": "v1", "digest": { "function_hash": "242339570277001785773233505373898606720", "length": 20712.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18", "target": { "function": "init__puma_parser_range_lengths_0", "file": 
"ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-e1491853", "signature_version": "v1", "digest": { "function_hash": "149773232736982746806761284168545343367", "length": 231.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "function": "init__puma_parser_trans_keys_0", "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Function", "id": "CVE-2021-41136-eb44c185", "signature_version": "v1", "digest": { "function_hash": "243637905036023402108370435335451280156", "length": 1570.0 } }, { "deprecated": false, "source": "https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f", "target": { "file": "ext/puma_http11/org/jruby/puma/Http11Parser.java" }, "signature_type": "Line", "id": "CVE-2021-41136-ef34d6cd", "signature_version": "v1", "digest": { "threshold": 0.9, "line_hashes": [ "169535204697166314504599887187493239918", "273655938431943746795168657165293436918", "290394715900014243820648210123052966839", "57384868397424164691291228658388429664", "334440165041501598307263668985052139287", "54442755231735491292063537313014045142", "44256353263148969445223985142386628115", "199067731773065189421748602564937789339", "233018603693615790232100788979073862225", "132205268161300235858960867206655826236", "189393234271525250819591150634216788389", "193449567862475671725688014743467775431", "114050877613624255895571241244246138466", "221506577987664611990691144997414249622", "32733786905806438668612656585257926599", "268190116542837276480417350927784345295", "286687550605576117842376837848713589027", "94975771807507743689815452359118339162", "155269573619398309272863819166066587980", "246417130685718797040779465040792912868", "124866799500248146277930786460945963011", "68066688115136500497341154774442624573", "316688801571060813132282181748415782472", "67520356862490299338318035399864463964", 
"226420470658690891581058883910589863581", "179378540952110728204029371212539985343", "1714558900664080460424410237586116725", "331202073032960093161101032263643973593", "60189412440982091011596227490287775941", "274532983348094895609674711629694138870", "21277343520638523085753373263321404924", "117666034173828438759087070817081200936", "13129878328287004715151083453924554003", "150096014754807485941879917774536306861", "265832192050034650797653751345371572345", "274978969727915577888455423029699125538", "89780702635697365249987112988112468305", "257255235442378532224578084716734313358", "111813112840830641058752589084828679761", "296744140576722369674231038744686748982", "154421838835199908073742409919462884078", "141149440075306684596418808143330222461", "249938686063927975789191939164824380715", "146685132255778812398231783571574948942", "215598353603797536271660566245940665430", "198626000487045024679403049122395778847", "312453052691082167540978824723242302110", "277199932911301426206805916898617531880", "219901692721736088274666754005299680943", "29752322404042694340142518300671711150", "281314839761543365615258805700239484358", "88073889260487968734519717624387864530", "84456575257557029028732017864000390806", "130719352694483232512063040403590836220", "110343812732896853265432929056682634680" ] } } ] }