ALAS-2020-1451 --- ruby24, rubygem24, rubygems24
ID: oval:org.secpod.oval:def:1601214 | Date: (C)2020-11-19 (M)2024-01-29 |
Class: PATCH | Family: unix |
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy, which may lead to an HTTP Request Smuggling attack.
Platform: Amazon Linux AMI |
Product: ruby24, rubygem24, rubygems24 |