Skip to main content

Webrick

3 CVEs product

Monthly

CVE-2025-6442 Ruby MEDIUM PATCH This Month

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Information Disclosure Ubuntu Debian Webrick Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2020-25613 Ruby HIGH PATCH This Week

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Ruby Webrick Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2019-11879 MEDIUM This Month

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apache Webrick
NVD
CVSS 3.0
5.5
EPSS
0.5%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

Information Disclosure Ubuntu Debian +3
NVD GitHub
EPSS 4% CVSS 7.5
HIGH PATCH This Week

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Ruby +2
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM This Month

The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Apache Webrick
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy