CGA-j6x8-f3pp-f233

Published

Last updated

https://images.chainguard.dev/security/CGA-j6x8-f3pp-f233

Package

gitlab-cng-17.0

Latest Update

Fix not planned

Aliases

GHSA-6f62-3596-g6w7

Severity

7.5

High

CVSS V3

Summary

HTTP Request Smuggling in ruby webrick

Description

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

References

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-j6x8-f3pp-f233

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources