ALAS-2020-1451 --- ruby24, rubygem24, rubygems24| ID: oval:org.secpod.oval:def:1601214 | Date: (C)2020-11-19 (M)2024-01-29 |
| Class: PATCH | Family: unix |
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy , which may lead to an HTTP Request Smuggling attack
| Platform: |
| Amazon Linux AMI |
| Product: |
| ruby24 |
| rubygem24 |
| rubygems24 |
