{"id":"CVE-2021-41136","details":"Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.","aliases":["GHSA-48w2-rm65-62xx"],"modified":"2026-04-11T18:45:19.786381Z","published":"2021-10-12T16:15:07.630Z","related":["GHSA-48w2-rm65-62xx","SUSE-SU-2021:3728-1","SUSE-SU-2021:3729-1","SUSE-SU-2022:1515-1","openSUSE-SU-2024:11830-1","openSUSE-SU-2024:12592-1","openSUSE-SU-2024:13166-1","openSUSE-SU-2024:13721-1"],"references":[{"type":"ADVISORY","url":"https://github.com/puma/puma/security/advisories/GHSA-48w2-rm65-62xx"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2022/08/msg00015.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202208-28"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5146"},{"type":"FIX","url":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18"},{"type":"FIX","url":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f"},{"type":"FIX","url":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puma/puma","events":[{"introduced":"0"},{"last_affected":"b911c13f8797aacaa8decf8532d6d7d45fda334f"},{"introduced":"13e18e8078c800adfc52af687acc1d8de5f3988d"},{"last_affected":"21e0443cca4a53c8f0f97fe5197423031cab3610"},{"fixed":"436c71807f00e07070902a03f79fd3e130eb6b18"},{"fixed":"acdc3ae571dfae0e045cf09a295280127db65c7f"},{"fixed":"fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.3.8"},{"introduced":"5.0.0"},{"last_affected":"5.5.0"}]}}],"versions":["v1.1.0","v1.1.1","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.3.1","v1.4.0","v1.5.0","v2.0.0","v2.0.0.b2","v2.0.0.b3","v2.0.0.b4","v2.0.0.b5","v2.0.0.b6","v2.0.0.b7","v2.0.1","v2.1.0","v2.1.1","v2.10.0","v2.10.1","v2.10.2","v2.11.0","v2.11.2","v2.11.3","v2.12.0","v2.12.1","v2.12.2","v2.12.3","v2.13.0","v2.13.1","v2.13.2","v2.13.3","v2.13.4","v2.14.0","v2.15.0","v2.15.1","v2.15.2","v2.15.3","v2.16.0","v2.2.0","v2.2.1","v2.2.2","v2.3.0","v2.3.1","v2.3.2","v2.4.0","v2.4.1","v2.5.0","v2.5.1","v2.6.0","v2.7.0","v2.7.1","v2.8.1","v2.8.2","v2.9.0","v2.9.1","v2.9.2","v3.0.0","v3.0.0.rc1","v3.0.1","v3.0.2","v3.1.0","v3.1.1","v3.10.0","v3.11.0","v3.11.1","v3.11.2","v3.11.3","v3.11.4","v3.12.0","v3.2.0","v3.3.0","v3.4.0","v3.5.0","v3.5.1","v3.5.2","v3.6.0","v3.7.1","v3.8.0","v3.9.0","v3.9.1","v4.0.0","v4.0.1","v4.1.0","v4.2.0","v4.2.1","v4.3.0","v4.3.1","v4.3.2","v4.3.3","v4.3.4","v4.3.5","v4.3.6","v4.3.7","v4.3.8","v5.0.0","v5.0.1","v5.0.2","v5.0.3","v5.1.0","v5.2.0","v5.2.1","v5.2.2","v5.3.0","v5.3.1","v5.3.2","v5.4.0","v5.5.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41136.json","vanir_signatures_modified":"2026-04-11T18:45:19Z","vanir_signatures":[{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_trans_keys_0"},"digest":{"length":1570,"function_hash":"243637905036023402108370435335451280156"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-06475605"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_indicies_0"},"digest":{"length":1228,"function_hash":"231985259831941494472444397660298085827"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-1815790b"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c"},"digest":{"threshold":0.9,"line_hashes":["9396889129896916358032138874074110785","311465286520304068940016006011601488920","167090362721002750835148356414983049757","210175367874060786257694337866683036901","303536267020037755582791389254378086629","167468096237305529456352112473757796655","46686546375678076456070736979209145833","287438159197284271306067611404777221691","313395298986914761469300642907912956946","10907805721791458156427638258550920134","235078852235054791404305595390422068087","301829733590196471881980973138085459346","6830494068489823924323846534513868368","273403251192835050980742874036073196704","106716358692935998287351338804956912227","13160435132862206790850726123907529481","81920000647311027084755965212579560364","179321159565694124600161421095415053768","190096087171031149247373745051785577958","130012521909532506702891256736858506586","287066351672157090007377371918587650012","308547901279785755902244110692087366915","194810186731839820654111825313140219229","168274068218993397898711231488072321780","164396275643361289912713190307762986081","132392431922035805196963481438563150516","36142573289431553726511593919295078522","228564216919818154591408362834147002359","53810814481615067892080340908543653329","109481634273455535240893536135528122672","145237950484528447241326083911051622500","160685398832185260569012532035110250244","291892045182335662081964041494277815354","253213347790306840904873851468774765988","260639083444169750361037222951937641192","245393427505200441322333117876834885225","130339952855002738500935563963678865057","75345493190787162228635623921381490953","179092965171710655984851522524509488659","276814666916486805534133320938108040872","271330542309235225172156696670631253708","69473545054431078145340848915733352228","45334952960014861546648619180338348462"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-1e1e247d"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_single_lengths_0"},"digest":{"length":231,"function_hash":"133016932206101390291904218447375377337"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-282c28b6"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_index_offsets_0"},"digest":{"length":298,"function_hash":"237175404082762165011592881872751229916"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-2b3a664e"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_key_offsets_0"},"digest":{"length":299,"function_hash":"217904682322388869362996300694645730068"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-2c574665"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_index_offsets_0"},"digest":{"length":298,"function_hash":"237175404082762165011592881872751229916"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-41c49bbe"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_single_lengths_0"},"digest":{"length":231,"function_hash":"133016932206101390291904218447375377337"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-4ed34c4a"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_single_lengths_0"},"digest":{"length":231,"function_hash":"133016932206101390291904218447375377337"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-4fb9dc19"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_indicies_0"},"digest":{"length":1228,"function_hash":"231985259831941494472444397660298085827"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-519ec46f"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c","function":"puma_parser_execute"},"digest":{"length":20712,"function_hash":"242339570277001785773233505373898606720"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-5a4933a0"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_key_offsets_0"},"digest":{"length":299,"function_hash":"217904682322388869362996300694645730068"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-6ce9ea72"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_index_offsets_0"},"digest":{"length":298,"function_hash":"237175404082762165011592881872751229916"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-700de44e"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_range_lengths_0"},"digest":{"length":231,"function_hash":"149773232736982746806761284168545343367"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-7035b0cc"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_range_lengths_0"},"digest":{"length":231,"function_hash":"149773232736982746806761284168545343367"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-7c415444"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_indicies_0"},"digest":{"length":1228,"function_hash":"231985259831941494472444397660298085827"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-9439135a"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c","function":"puma_parser_execute"},"digest":{"length":20712,"function_hash":"148037133648624505747146056367617308611"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-97af8335"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c"},"digest":{"threshold":0.9,"line_hashes":["9396889129896916358032138874074110785","311465286520304068940016006011601488920","167090362721002750835148356414983049757","210175367874060786257694337866683036901","303536267020037755582791389254378086629","167468096237305529456352112473757796655","46686546375678076456070736979209145833","287438159197284271306067611404777221691","313395298986914761469300642907912956946","10907805721791458156427638258550920134","235078852235054791404305595390422068087","301829733590196471881980973138085459346","6830494068489823924323846534513868368","273403251192835050980742874036073196704","106716358692935998287351338804956912227","13160435132862206790850726123907529481","81920000647311027084755965212579560364","179321159565694124600161421095415053768","190096087171031149247373745051785577958","130012521909532506702891256736858506586","287066351672157090007377371918587650012","308547901279785755902244110692087366915","194810186731839820654111825313140219229","168274068218993397898711231488072321780","164396275643361289912713190307762986081","132392431922035805196963481438563150516","36142573289431553726511593919295078522","228564216919818154591408362834147002359","53810814481615067892080340908543653329","109481634273455535240893536135528122672","145237950484528447241326083911051622500","160685398832185260569012532035110250244","291892045182335662081964041494277815354","253213347790306840904873851468774765988","260639083444169750361037222951937641192","245393427505200441322333117876834885225","130339952855002738500935563963678865057","75345493190787162228635623921381490953","179092965171710655984851522524509488659","276814666916486805534133320938108040872","271330542309235225172156696670631253708","69473545054431078145340848915733352228","45334952960014861546648619180338348462"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-9aa63c3e"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java"},"digest":{"threshold":0.9,"line_hashes":["169535204697166314504599887187493239918","273655938431943746795168657165293436918","290394715900014243820648210123052966839","57384868397424164691291228658388429664","334440165041501598307263668985052139287","54442755231735491292063537313014045142","44256353263148969445223985142386628115","199067731773065189421748602564937789339","233018603693615790232100788979073862225","132205268161300235858960867206655826236","189393234271525250819591150634216788389","193449567862475671725688014743467775431","114050877613624255895571241244246138466","221506577987664611990691144997414249622","32733786905806438668612656585257926599","268190116542837276480417350927784345295","286687550605576117842376837848713589027","94975771807507743689815452359118339162","155269573619398309272863819166066587980","246417130685718797040779465040792912868","124866799500248146277930786460945963011","68066688115136500497341154774442624573","316688801571060813132282181748415782472","67520356862490299338318035399864463964","226420470658690891581058883910589863581","179378540952110728204029371212539985343","1714558900664080460424410237586116725","331202073032960093161101032263643973593","60189412440982091011596227490287775941","274532983348094895609674711629694138870","21277343520638523085753373263321404924","117666034173828438759087070817081200936","13129878328287004715151083453924554003","150096014754807485941879917774536306861","265832192050034650797653751345371572345","274978969727915577888455423029699125538","89780702635697365249987112988112468305","257255235442378532224578084716734313358","111813112840830641058752589084828679761","296744140576722369674231038744686748982","154421838835199908073742409919462884078","141149440075306684596418808143330222461","249938686063927975789191939164824380715","146685132255778812398231783571574948942","215598353603797536271660566245940665430","198626000487045024679403049122395778847","312453052691082167540978824723242302110","277199932911301426206805916898617531880","219901692721736088274666754005299680943","29752322404042694340142518300671711150","281314839761543365615258805700239484358","88073889260487968734519717624387864530","84456575257557029028732017864000390806","130719352694483232512063040403590836220","110343812732896853265432929056682634680"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-b3f56ed3"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_trans_keys_0"},"digest":{"length":1570,"function_hash":"243637905036023402108370435335451280156"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-bd5b8fcc"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_key_offsets_0"},"digest":{"length":299,"function_hash":"217904682322388869362996300694645730068"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-bf2c01d5"},{"source":"https://github.com/puma/puma/commit/fb6ad8f8013ab5cdbb2f444cbfabd0b4fde71139","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java"},"digest":{"threshold":0.9,"line_hashes":["169535204697166314504599887187493239918","273655938431943746795168657165293436918","290394715900014243820648210123052966839","57384868397424164691291228658388429664","334440165041501598307263668985052139287","54442755231735491292063537313014045142","44256353263148969445223985142386628115","199067731773065189421748602564937789339","233018603693615790232100788979073862225","132205268161300235858960867206655826236","189393234271525250819591150634216788389","193449567862475671725688014743467775431","114050877613624255895571241244246138466","221506577987664611990691144997414249622","32733786905806438668612656585257926599","268190116542837276480417350927784345295","286687550605576117842376837848713589027","94975771807507743689815452359118339162","155269573619398309272863819166066587980","246417130685718797040779465040792912868","124866799500248146277930786460945963011","68066688115136500497341154774442624573","316688801571060813132282181748415782472","67520356862490299338318035399864463964","226420470658690891581058883910589863581","179378540952110728204029371212539985343","1714558900664080460424410237586116725","331202073032960093161101032263643973593","60189412440982091011596227490287775941","274532983348094895609674711629694138870","21277343520638523085753373263321404924","117666034173828438759087070817081200936","13129878328287004715151083453924554003","150096014754807485941879917774536306861","265832192050034650797653751345371572345","274978969727915577888455423029699125538","89780702635697365249987112988112468305","257255235442378532224578084716734313358","111813112840830641058752589084828679761","296744140576722369674231038744686748982","154421838835199908073742409919462884078","141149440075306684596418808143330222461","249938686063927975789191939164824380715","146685132255778812398231783571574948942","215598353603797536271660566245940665430","198626000487045024679403049122395778847","312453052691082167540978824723242302110","277199932911301426206805916898617531880","219901692721736088274666754005299680943","29752322404042694340142518300671711150","281314839761543365615258805700239484358","88073889260487968734519717624387864530","84456575257557029028732017864000390806","130719352694483232512063040403590836220","110343812732896853265432929056682634680"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-c365cd5a"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c"},"digest":{"threshold":0.9,"line_hashes":["9396889129896916358032138874074110785","311465286520304068940016006011601488920","167090362721002750835148356414983049757","210175367874060786257694337866683036901","303536267020037755582791389254378086629","167468096237305529456352112473757796655","200218194976026091729999881669693044999","331131113139180822283316071375309716944","313395298986914761469300642907912956946","10907805721791458156427638258550920134","235078852235054791404305595390422068087","301829733590196471881980973138085459346","6830494068489823924323846534513868368","253409754725651810909322279440907084445","107969773022826293090949185385637168376","13160435132862206790850726123907529481","81920000647311027084755965212579560364","179321159565694124600161421095415053768","190096087171031149247373745051785577958","130012521909532506702891256736858506586","287066351672157090007377371918587650012","308547901279785755902244110692087366915","194810186731839820654111825313140219229","168274068218993397898711231488072321780","164396275643361289912713190307762986081","132392431922035805196963481438563150516","36142573289431553726511593919295078522","228564216919818154591408362834147002359","53810814481615067892080340908543653329","109481634273455535240893536135528122672","145237950484528447241326083911051622500","160685398832185260569012532035110250244","291892045182335662081964041494277815354","253213347790306840904873851468774765988","260639083444169750361037222951937641192","245393427505200441322333117876834885225","130339952855002738500935563963678865057","75345493190787162228635623921381490953","179092965171710655984851522524509488659","276814666916486805534133320938108040872","271330542309235225172156696670631253708","69473545054431078145340848915733352228","45334952960014861546648619180338348462"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-cb67c75b"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/http11_parser.c","function":"puma_parser_execute"},"digest":{"length":20712,"function_hash":"242339570277001785773233505373898606720"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-d7d284af"},{"source":"https://github.com/puma/puma/commit/436c71807f00e07070902a03f79fd3e130eb6b18","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_range_lengths_0"},"digest":{"length":231,"function_hash":"149773232736982746806761284168545343367"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-e1491853"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java","function":"init__puma_parser_trans_keys_0"},"digest":{"length":1570,"function_hash":"243637905036023402108370435335451280156"},"signature_type":"Function","signature_version":"v1","id":"CVE-2021-41136-eb44c185"},{"source":"https://github.com/puma/puma/commit/acdc3ae571dfae0e045cf09a295280127db65c7f","deprecated":false,"target":{"file":"ext/puma_http11/org/jruby/puma/Http11Parser.java"},"digest":{"threshold":0.9,"line_hashes":["169535204697166314504599887187493239918","273655938431943746795168657165293436918","290394715900014243820648210123052966839","57384868397424164691291228658388429664","334440165041501598307263668985052139287","54442755231735491292063537313014045142","44256353263148969445223985142386628115","199067731773065189421748602564937789339","233018603693615790232100788979073862225","132205268161300235858960867206655826236","189393234271525250819591150634216788389","193449567862475671725688014743467775431","114050877613624255895571241244246138466","221506577987664611990691144997414249622","32733786905806438668612656585257926599","268190116542837276480417350927784345295","286687550605576117842376837848713589027","94975771807507743689815452359118339162","155269573619398309272863819166066587980","246417130685718797040779465040792912868","124866799500248146277930786460945963011","68066688115136500497341154774442624573","316688801571060813132282181748415782472","67520356862490299338318035399864463964","226420470658690891581058883910589863581","179378540952110728204029371212539985343","1714558900664080460424410237586116725","331202073032960093161101032263643973593","60189412440982091011596227490287775941","274532983348094895609674711629694138870","21277343520638523085753373263321404924","117666034173828438759087070817081200936","13129878328287004715151083453924554003","150096014754807485941879917774536306861","265832192050034650797653751345371572345","274978969727915577888455423029699125538","89780702635697365249987112988112468305","257255235442378532224578084716734313358","111813112840830641058752589084828679761","296744140576722369674231038744686748982","154421838835199908073742409919462884078","141149440075306684596418808143330222461","249938686063927975789191939164824380715","146685132255778812398231783571574948942","215598353603797536271660566245940665430","198626000487045024679403049122395778847","312453052691082167540978824723242302110","277199932911301426206805916898617531880","219901692721736088274666754005299680943","29752322404042694340142518300671711150","281314839761543365615258805700239484358","88073889260487968734519717624387864530","84456575257557029028732017864000390806","130719352694483232512063040403590836220","110343812732896853265432929056682634680"]},"signature_type":"Line","signature_version":"v1","id":"CVE-2021-41136-ef34d6cd"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"}]}