RubySec

Providing security resources for the Ruby community

CVE-2020-25613 (webrick): Potential HTTP Request Smuggling Vulnerability in WEBrick

ADVISORIES

GEM

webrick

PATCHED VERSIONS

  • >= 1.6.1

DESCRIPTION

WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request. See CWE-444 in detail.