Search CVE reports
1 – 2 of 2 results
Some fixes available (7 of 12)
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is...
5 affected packages: ruby-webrick, jruby, ruby2.3, ruby2.5, ruby2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-webrick | Fixed | Fixed | — | — |
| jruby | Not affected | Not in release | Vulnerable | Vulnerable |
| ruby2.3 | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | — | Fixed |
| ruby2.7 | Not in release | Not in release | Fixed | — |
Some fixes available (8 of 12)
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST...
5 affected packages: ruby-webrick, jruby, ruby2.3, ruby2.5, ruby2.7
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ruby-webrick | Fixed | Fixed | Not in release | — |
| jruby | Not affected | Not in release | Vulnerable | Vulnerable |
| ruby2.3 | Not in release | Not in release | — | — |
| ruby2.5 | Not in release | Not in release | — | Fixed |
| ruby2.7 | Not in release | Not in release | Fixed | — |