VulnerableCode Package Details - pkg:deb/debian/ruby-webrick@1.8.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-3wgz-s6g4-n3fk Aliases: CVE-2024-47220 GHSA-6f62-3596-g6w7	HTTP Request Smuggling in ruby webrick An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."	1.9.1-1 Affected by 0 other vulnerabilities.
VCID-pay9-phaz-bbde Aliases: CVE-2025-6442 GHSA-r995-q44h-hr64	Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.	1.9.1-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3wgz-s6g4-n3fk
Aliases:
CVE-2024-47220
GHSA-6f62-3596-g6w7

HTTP Request Smuggling in ruby webrick An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

1.9.1-1
Affected by 0 other vulnerabilities.

VCID-pay9-phaz-bbde
Aliases:
CVE-2025-6442
GHSA-r995-q44h-hr64

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

1.9.1-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:07:22.853997+00:00	Debian Importer	Affected by	VCID-pay9-phaz-bbde	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:47:49.243076+00:00	Debian Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:01:29.265252+00:00	Debian Importer	Affected by	VCID-pay9-phaz-bbde	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:02:47.737143+00:00	Debian Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T20:00:13.017136+00:00	Debian Importer	Affected by	VCID-pay9-phaz-bbde	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:21:33.650647+00:00	Debian Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://security-tracker.debian.org/tracker/data/json	38.1.0