
CVE-2020-25613

Description

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

#### Bugs

* <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972230>


Affected Package


| OS | OS Version | Package Name | Package Version |
|---|---|---|---|
| ubuntu | upstream | ruby1.9.1 | any |
| ubuntu | upstream | ruby2.0 | any |
| ubuntu | upstream | ruby2.3 | any |
| ubuntu | 16.04 | ruby2.3 | 2.3.1-2~ubuntu16.04.15 |
| ubuntu | upstream | ruby2.5 | any |
| ubuntu | 20.04 | ruby2.7 | 2.7.0-5ubuntu1.3 |
| ubuntu | 20.10 | ruby2.7 | 2.7.1-3ubuntu1.2 |
| ubuntu | upstream | ruby2.7 | 2.7.1-4 |
