logo
DATABASE RESOURCES PRICING ABOUT US

Medium: ruby20

Description

**Issue Overview:** An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. ([CVE-2020-25613 __](<https://access.redhat.com/security/cve/CVE-2020-25613>)) **Affected Packages:** ruby20 **Issue Correction:** Run _yum update ruby20_ to update your system. **New Packages:** i686: rubygem20-io-console-0.4.2-2.39.amzn1.i686 rubygem20-bigdecimal-1.2.0-2.39.amzn1.i686 ruby20-2.0.0.648-2.39.amzn1.i686 ruby20-debuginfo-2.0.0.648-2.39.amzn1.i686 ruby20-libs-2.0.0.648-2.39.amzn1.i686 ruby20-devel-2.0.0.648-2.39.amzn1.i686 rubygem20-psych-2.0.0-2.39.amzn1.i686 noarch: ruby20-irb-2.0.0.648-2.39.amzn1.noarch rubygems20-devel-2.0.14.1-2.39.amzn1.noarch rubygems20-2.0.14.1-2.39.amzn1.noarch ruby20-doc-2.0.0.648-2.39.amzn1.noarch src: ruby20-2.0.0.648-2.39.amzn1.src x86_64: ruby20-2.0.0.648-2.39.amzn1.x86_64 rubygem20-bigdecimal-1.2.0-2.39.amzn1.x86_64 ruby20-debuginfo-2.0.0.648-2.39.amzn1.x86_64 ruby20-devel-2.0.0.648-2.39.amzn1.x86_64 ruby20-libs-2.0.0.648-2.39.amzn1.x86_64 rubygem20-psych-2.0.0-2.39.amzn1.x86_64 rubygem20-io-console-0.4.2-2.39.amzn1.x86_64


Affected Package


OS OS Version Package Name Package Version
Amazon Linux 1 rubygem20-psych 2.0.0-2.39.amzn1
Amazon Linux 1 ruby20-debuginfo 2.0.0.648-2.39.amzn1
Amazon Linux 1 ruby20-debuginfo 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygem20-bigdecimal 1.2.0-2.39.amzn1
Amazon Linux 1 ruby20-irb 2.0.0.648-2.39.amzn1
Amazon Linux 1 ruby20-devel 2.0.0.648-2.39.amzn1
Amazon Linux 1 ruby20 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygem20-io-console 0.4.2-2.39.amzn1
Amazon Linux 1 ruby20-devel 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygems20 2.0.14.1-2.39.amzn1
Amazon Linux 1 ruby20-doc 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygem20-psych 2.0.0-2.39.amzn1
Amazon Linux 1 ruby20 2.0.0.648-2.39.amzn1
Amazon Linux 1 ruby20-libs 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygems20-devel 2.0.14.1-2.39.amzn1
Amazon Linux 1 rubygem20-bigdecimal 1.2.0-2.39.amzn1
Amazon Linux 1 ruby20 2.0.0.648-2.39.amzn1
Amazon Linux 1 rubygem20-io-console 0.4.2-2.39.amzn1
Amazon Linux 1 ruby20-libs 2.0.0.648-2.39.amzn1

Related