VulnerableCode Package Details - pkg:gem/webrick@1.4.4

Search for packages

Vulnerability	Summary	Fixed by
VCID-3wgz-s6g4-n3fk Aliases: CVE-2024-47220 GHSA-6f62-3596-g6w7	HTTP Request Smuggling in ruby webrick An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."	1.8.2 Affected by 0 other vulnerabilities.
VCID-pay9-phaz-bbde Aliases: CVE-2025-6442 GHSA-r995-q44h-hr64	Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.	1.8.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-3wgz-s6g4-n3fk
Aliases:
CVE-2024-47220
GHSA-6f62-3596-g6w7

HTTP Request Smuggling in ruby webrick An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

1.8.2
Affected by 0 other vulnerabilities.

VCID-pay9-phaz-bbde
Aliases:
CVE-2025-6442
GHSA-r995-q44h-hr64

Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.

1.8.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-vcz9-dvf4-47am	Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.	CVE-2020-25613 GHSA-gwfg-cqmg-cf8f

Vulnerability

Summary

Aliases

VCID-vcz9-dvf4-47am

Multiple vulnerabilities have been discovered in Ruby, the worst of which could lead to execution of arbitrary code.

CVE-2020-25613
GHSA-gwfg-cqmg-cf8f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T03:25:35.017068+00:00	GHSA Importer	Affected by	VCID-pay9-phaz-bbde	https://github.com/advisories/GHSA-r995-q44h-hr64	38.4.0
2026-04-16T03:12:01.290409+00:00	GHSA Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://github.com/advisories/GHSA-6f62-3596-g6w7	38.4.0
2026-04-12T00:51:32.459626+00:00	GitLab Importer	Affected by	VCID-pay9-phaz-bbde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml	38.3.0
2026-04-12T00:27:28.570682+00:00	GitLab Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2024-47220.yml	38.3.0
2026-04-11T23:11:23.790923+00:00	GitLab Importer	Fixing	VCID-vcz9-dvf4-47am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2020-25613.yml	38.3.0
2026-04-11T14:54:37.729963+00:00	GHSA Importer	Affected by	VCID-pay9-phaz-bbde	https://github.com/advisories/GHSA-r995-q44h-hr64	38.3.0
2026-04-11T14:40:49.136317+00:00	GHSA Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://github.com/advisories/GHSA-6f62-3596-g6w7	38.3.0
2026-04-03T00:59:37.150617+00:00	GitLab Importer	Affected by	VCID-pay9-phaz-bbde	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml	38.1.0
2026-04-03T00:35:10.322755+00:00	GitLab Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2024-47220.yml	38.1.0
2026-04-02T23:19:51.644940+00:00	GitLab Importer	Fixing	VCID-vcz9-dvf4-47am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2020-25613.yml	38.1.0
2026-04-02T15:34:09.581691+00:00	GHSA Importer	Affected by	VCID-pay9-phaz-bbde	https://github.com/advisories/GHSA-r995-q44h-hr64	38.1.0
2026-04-02T15:21:25.875650+00:00	GHSA Importer	Affected by	VCID-3wgz-s6g4-n3fk	https://github.com/advisories/GHSA-6f62-3596-g6w7	38.1.0
2026-04-01T17:40:23.795535+00:00	GitLab Importer	Fixing	VCID-vcz9-dvf4-47am	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2020-25613.yml	38.0.0
2026-04-01T16:01:48.407594+00:00	GHSA Importer	Fixing	VCID-vcz9-dvf4-47am	https://github.com/advisories/GHSA-gwfg-cqmg-cf8f	38.0.0
2026-04-01T13:12:02.108868+00:00	GithubOSV Importer	Fixing	VCID-vcz9-dvf4-47am	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-gwfg-cqmg-cf8f/GHSA-gwfg-cqmg-cf8f.json	38.0.0