rubygems | RubySec | RUBY:RUBY-2019-16254
Sep 30, 2019 - 9:00 p.m.

HTTP response splitting in WEBrick (Additional fix)

RubySec
rubysec.com

If a program using WEBrick inserts untrusted input into the response header,
an attacker can exploit it to insert a newline character to split a header,
and inject malicious content to deceive clients.

This is the same issue as CVE-2017-17742. The previous fix was incomplete:
it addressed the CRLF vector, but did not address an isolated CR or an
isolated LF.
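
The gap described above, shown as an application-side check on header values. This is an added example, not WEBrick's own code; the method names (`crlf_only_check`, `strict_header_value`) and the sample inputs are hypothetical and constructed for illustration.

```ruby
# Added example: validating untrusted input before it is placed in a
# response header. Method names are hypothetical, not part of WEBrick's API.

class UnsafeHeaderValue < ArgumentError; end

# Incomplete check, modelled on the gap the advisory describes:
# only the two-byte CRLF sequence is rejected.
def crlf_only_check(value)
  raise UnsafeHeaderValue, "CRLF in header value" if value.include?("\r\n")
  value
end

# Complete check: reject any CR or LF, whether paired or isolated.
def strict_header_value(value)
  str = value.to_s
  if str.match?(/[\r\n]/)
    raise UnsafeHeaderValue, "CR or LF in header value: #{str.inspect}"
  end
  str
end

# True when the named check lets the value through unchanged.
def accepted?(check, value)
  send(check, value)
  true
rescue UnsafeHeaderValue
  false
end

# Constructed sample inputs, one per line-terminator variant.
SAMPLES = {
  "plain"   => "en-US",
  "crlf"    => "en-US\r\nX-Injected: 1",
  "bare_lf" => "en-US\nX-Injected: 1",
  "bare_cr" => "en-US\rX-Injected: 1",
}.freeze

# Map each sample name to whether the given check accepted it.
def results(check)
  SAMPLES.transform_values { |v| accepted?(check, v) }
end

if __FILE__ == $PROGRAM_NAME
  puts "crlf_only_check:     #{results(:crlf_only_check)}"
  puts "strict_header_value: #{results(:strict_header_value)}"
end
```

The CRLF-only check accepts the bare-LF and bare-CR samples, while the strict check rejects all three line-terminator variants and passes only the plain value.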