2024-09-22 00:00:00
mitre
PUBLISHED
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1rn" inside of a "POST /user HTTP/1.1rn" request. NOTE: the suppliers position is "Webrick should not be used in production."