Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/webrick@1.8.2
purl pkg:gem/webrick@1.8.2
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3wgz-s6g4-n3fk HTTP Request Smuggling in ruby webrick An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production." CVE-2024-47220
GHSA-6f62-3596-g6w7
VCID-pay9-phaz-bbde Ruby WEBrick read_headers method can lead to HTTP Request/Response Smuggling Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876. CVE-2025-6442
GHSA-r995-q44h-hr64

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T23:31:41.696250+00:00 GitLab Importer Fixing VCID-pay9-phaz-bbde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml 38.4.0
2026-04-16T03:25:35.029358+00:00 GHSA Importer Fixing VCID-pay9-phaz-bbde https://github.com/advisories/GHSA-r995-q44h-hr64 38.4.0
2026-04-12T00:51:32.488234+00:00 GitLab Importer Fixing VCID-pay9-phaz-bbde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml 38.3.0
2026-04-11T14:54:37.760619+00:00 GHSA Importer Fixing VCID-pay9-phaz-bbde https://github.com/advisories/GHSA-r995-q44h-hr64 38.3.0
2026-04-03T00:59:37.176483+00:00 GitLab Importer Fixing VCID-pay9-phaz-bbde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml 38.1.0
2026-04-02T15:34:09.612398+00:00 GHSA Importer Fixing VCID-pay9-phaz-bbde https://github.com/advisories/GHSA-r995-q44h-hr64 38.1.0
2026-04-02T12:41:37.563956+00:00 GitLab Importer Fixing VCID-pay9-phaz-bbde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2025-6442.yml 38.0.0
2026-04-02T12:40:06.122825+00:00 GitLab Importer Fixing VCID-3wgz-s6g4-n3fk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/webrick/CVE-2024-47220.yml 38.0.0
2026-04-01T16:06:28.873429+00:00 GHSA Importer Fixing VCID-3wgz-s6g4-n3fk https://github.com/advisories/GHSA-6f62-3596-g6w7 38.0.0
2026-04-01T12:56:46.930578+00:00 GithubOSV Importer Fixing VCID-pay9-phaz-bbde https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-r995-q44h-hr64/GHSA-r995-q44h-hr64.json 38.0.0
2026-04-01T12:49:47.880602+00:00 GithubOSV Importer Fixing VCID-3wgz-s6g4-n3fk https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6f62-3596-g6w7/GHSA-6f62-3596-g6w7.json 38.0.0