CVE-2020-25613
CVE-2020-25613 affects Ruby’s WEBrick HTTP server: transfer-encoding header handling was not sufficiently validated, potentially allowing HTTP Request Smuggling by an attacker bypassing a misconfigured reverse proxy. The issue is present in Ruby versions up to 2.5.8, 2.6.x up to 2.6.6, and 2.7.x ...
CVE-2008-1145
CVE-2008-1145 is a directory traversal vulnerability in WEBrick for Ruby. Affected: Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, on systems with backslash path separators or case-insensitive filenames. Exploitation via encoded backslashes ("..\" sequences) or filenames matc...
CVE-2009-4492
CVE-2009-4492 affects WEBrick in Ruby: WEBrick 1.3.1 on Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev logs non-printable characters and may allow a remote attacker to modify a window title or possibly execute commands/overwrite files via an HTTP esc...
CVE-2019-11879
The CVE references the WEBrick gem version 1.4.2 for Ruby, identifying a directory-traversal issue where an attacker with local access could create a symlink outside the web root to expose data. Affected component: WEBrick gem 1.4.2 (Ruby). Underlying cause: symlink handling allowed traversal whe...
CVE-2025-6442
CVE-2025-6442 affects Ruby WEBrick: a flaw in read_headers causes inconsistent parsing of HTTP header terminators, enabling HTTP request smuggling under certain proxy conditions. Affected are Ruby WEBrick and Rubygem-WeBrick components across several platforms (e.g., Ru...