webrick 1.4.2

2 security vulnerabilities found in version 1.4.2

HTTP Request Smuggling in ruby webrick

high severity CVE-2024-47220
high severity CVE-2024-47220
Patched versions: >= 1.8.2

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request.

NOTE: the supplier''s position is "Webrick should not be used in production."

Potential HTTP Request Smuggling Vulnerability in WEBrick

high severity CVE-2020-25613
high severity CVE-2020-25613
Patched versions: >= 1.6.1

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to "smuggle" a request. See CWE-444 in detail.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.