ALAS-2021-1468 --- ruby20 rubygems20 rubygem20
ID: oval:org.secpod.oval:def:1601403 | Date: (C)2021-01-21 (M)2024-01-29 |
Class: PATCH | Family: unix |
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy, which may lead to an HTTP Request Smuggling attack.
Platform: |
Amazon Linux AMI |
Product: |
ruby20 |
rubygems20 |
rubygem20 |