webrick 1.4.2
HTTP Request Smuggling in ruby webrick
high severity CVE-2024-47220>= 1.8.2
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request.
NOTE: the supplier''s position is "Webrick should not be used in production."
Potential HTTP Request Smuggling Vulnerability in WEBrick
high severity CVE-2020-25613>= 1.6.1
WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.