Security Advisory

CVE-2024-47220

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-22 00:00:00

Last updated 2025-01-09 17:33:17

Assigner mitre

State PUBLISHED

Description

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1rn" inside of a "POST /user HTTP/1.1rn" request. NOTE: the suppliers position is "Webrick should not be used in production."

← Browse all CVEs View on cve.org ↗