RubySec

Providing security resources for the Ruby community

CVE-2020-25613 (webrick): Potential HTTP Request Smuggling Vulnerability in WEBrick

GEM

webrick

SEVERITY

CVSS v3.x: 7.5 (High)

PATCHED VERSIONS

  • >= 1.6.1

DESCRIPTION

WEBrick was too tolerant of an invalid Transfer-Encoding header value. A front-end HTTP proxy that rejects or ignores the same invalid value may frame the request body differently from WEBrick, so the two disagree about where one request ends and the next begins, which may allow an attacker to "smuggle" a request past the proxy. See CWE-444 (Inconsistent Interpretation of HTTP Requests, "HTTP Request Smuggling") for details.
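The following is an added illustration of the CWE-444 failure mode described above; it is not RubySec's text and not WEBrick's own parsing code. It models two framing policies over the same byte stream: a "strict" one standing in for a proxy that only honours the exact token `chunked` and otherwise falls back to Content-Length, and a "lenient" one that accepts any Transfer-Encoding value merely containing `chunked`. Both policies, the toy parser, and the request bytes are constructed assumptions for the demonstration, not the exact logic of any real proxy or of WEBrick before 1.6.1.

```ruby
require 'stringio'

# Added example (not RubySec's or WEBrick's code). Assumptions: the "strict"
# policy models a proxy that treats only an exact "chunked" token as chunked
# framing; the "lenient" policy models a back-end that accepts any value
# containing "chunked". Request bytes below are constructed for the demo.

HEADER_END = "\r\n\r\n".freeze

# Parse "Name: value" lines into a hash keyed by downcased header name.
def parse_headers(raw)
  raw.split("\r\n").each_with_object({}) do |line, h|
    name, value = line.split(":", 2)
    h[name.strip.downcase] = value.strip if value
  end
end

# Decode a chunked body from io (size-line, data, CRLF, ..., "0", trailer).
def read_chunked(io)
  body = +""
  loop do
    size_line = io.gets("\r\n") or raise "truncated chunked body"
    size = size_line.strip.to_i(16)
    break if size.zero?
    body << io.read(size)
    io.read(2) # CRLF that terminates each chunk
  end
  io.gets("\r\n") # empty line ending the (absent) trailer section
  body
end

# Split one TCP stream into HTTP messages. chunked_policy receives the
# Transfer-Encoding value (or nil) and decides whether to use chunked framing;
# otherwise the body length comes from Content-Length (default 0).
def split_requests(stream, chunked_policy)
  io = StringIO.new(stream)
  requests = []
  until io.eof?
    head = io.gets(HEADER_END) or break
    request_line, raw_headers = head.chomp(HEADER_END).split("\r\n", 2)
    headers = parse_headers(raw_headers.to_s)
    body =
      if chunked_policy.call(headers["transfer-encoding"])
        read_chunked(io)
      else
        io.read(headers.fetch("content-length", "0").to_i) || ""
      end
    requests << { line: request_line, headers: headers, body: body }
  end
  requests
end

# Assumed proxy behaviour: exact token match only.
STRICT  = ->(te) { !te.nil? && te.casecmp?("chunked") }
# Assumed "too tolerant" behaviour: any value containing "chunked".
LENIENT = ->(te) { !te.nil? && te.match?(/chunked/i) }

# Constructed attack stream: Content-Length covers the whole tail, so a strict
# parser sees ONE request; a lenient parser takes "xchunked" as chunked, reads
# the zero-size terminator, and then parses the leftover bytes as a SECOND
# request (the smuggled GET /admin).
SMUGGLED_TAIL = "0\r\n\r\nGET /admin HTTP/1.1\r\nHost: example\r\n\r\n".freeze
SMUGGLED = "POST / HTTP/1.1\r\nHost: example\r\n" \
           "Content-Length: #{SMUGGLED_TAIL.bytesize}\r\n" \
           "Transfer-Encoding: xchunked\r\n\r\n#{SMUGGLED_TAIL}"

# Constructed benign stream: a valid chunked body both policies frame alike.
NORMAL = "POST / HTTP/1.1\r\nHost: example\r\nTransfer-Encoding: chunked\r\n\r\n" \
         "5\r\nhello\r\n0\r\n\r\n"

# Return the request lines each policy extracts from a stream.
def request_lines(stream, policy)
  split_requests(stream, policy).map { |r| r[:line] }
end

if $PROGRAM_NAME == __FILE__
  puts "strict : #{request_lines(SMUGGLED, STRICT).inspect}"
  puts "lenient: #{request_lines(SMUGGLED, LENIENT).inspect}"
  puts "benign : #{request_lines(NORMAL, STRICT) == request_lines(NORMAL, LENIENT)}"
end
```

The strict policy yields a single POST whose body happens to contain the text of a GET; the lenient policy yields two requests, the second of which the proxy never saw and therefore never applied its access rules to. The benign stream shows that rejecting anything other than an exact `chunked` token costs nothing for well-formed traffic, which is the direction the 1.6.1 fix takes: treat a Transfer-Encoding value you do not recognise as an error rather than guessing.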