Vulnerability details: VCID-3wgz-s6g4-n3fk
Vulnerability ID: VCID-3wgz-s6g4-n3fk
Aliases: CVE-2024-47220, GHSA-6f62-3596-g6w7
Summary: HTTP Request Smuggling in ruby webrick. An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Status: Published
Exploitability: 0.5
Weighted Severity: 8.0
Risk: 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47220.json
epss 0.00108 https://api.first.org/data/v1/epss?cve=CVE-2024-47220
cvssv3.1 8.2 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://github.com/advisories/GHSA-6f62-3596-g6w7
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-6f62-3596-g6w7
cvssv3.1 7.5 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2024-47220.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2024-47220.yml
cvssv3.1 7.5 https://github.com/ruby/webrick
generic_textual HIGH https://github.com/ruby/webrick
cvssv3.1 7.5 https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
generic_textual HIGH https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
cvssv3.1 7.5 https://github.com/ruby/webrick/issues/145
generic_textual HIGH https://github.com/ruby/webrick/issues/145
ssvc Track https://github.com/ruby/webrick/issues/145
cvssv3.1 7.5 https://github.com/ruby/webrick/issues/145#issuecomment-2369994610
generic_textual HIGH https://github.com/ruby/webrick/issues/145#issuecomment-2369994610
ssvc Track https://github.com/ruby/webrick/issues/145#issuecomment-2369994610
cvssv3.1 7.5 https://github.com/ruby/webrick/issues/145#issuecomment-2372838285
generic_textual HIGH https://github.com/ruby/webrick/issues/145#issuecomment-2372838285
ssvc Track https://github.com/ruby/webrick/issues/145#issuecomment-2372838285
cvssv3.1 7.5 https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841
generic_textual HIGH https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841
ssvc Track https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2024-47220
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-47220
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-47220.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2024-47220.yml
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick/issues/145
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:01:28Z/ Found at https://github.com/ruby/webrick/issues/145
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick/issues/145#issuecomment-2369994610
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:01:28Z/ Found at https://github.com/ruby/webrick/issues/145#issuecomment-2369994610
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick/issues/145#issuecomment-2372838285
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:01:28Z/ Found at https://github.com/ruby/webrick/issues/145#issuecomment-2372838285
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-23T15:01:28Z/ Found at https://github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-47220
Exploit Prediction Scoring System (EPSS)
Percentile: 0.29139
EPSS Score: 0.00108
Published At: April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:49:47.853476+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-6f62-3596-g6w7/GHSA-6f62-3596-g6w7.json 38.0.0