CVE-2020-25613
gem/webrick
Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)
WEBrick, a simple HTTP server bundled with Ruby, did not check the Transfer-Encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
All versions up to 1.6.0
Upgrade to version 1.6.1 or above.
2020-10-22
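To check a project against the affected range above, the following added example (not part of the advisory or of WEBrick) reads Gemfile.lock text and flags a resolved webrick version below 1.6.1. The helper names and the sample lockfile, including the gem `example-server`, are constructed for illustration.

```ruby
require "rubygems"

# Fixed release named in the advisory: every version below it is affected.
WEBRICK_FIXED = Gem::Version.new("1.6.1")

# Return the resolved webrick version strings found in Gemfile.lock text.
# Resolved gems sit at four spaces of indent under "specs:"; deeper-indented
# lines are dependency constraints, not resolved versions, and are skipped.
def webrick_versions(lockfile_text)
  in_specs = false
  lockfile_text.each_line.with_object([]) do |line, found|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/
      in_specs = false # new top-level section (GEM, DEPENDENCIES, ...)
    elsif in_specs && (m = line.match(/\A {4}webrick \(([^)\s]+)\)\s*\z/))
      found << m[1]
    end
  end
end

# True when the version is older than the fixed release.
def webrick_affected?(version)
  Gem::Version.new(version) < WEBRICK_FIXED
end

# Audit lockfile text: list of [version, affected?] pairs.
def audit_webrick(lockfile_text)
  webrick_versions(lockfile_text).map { |v| [v, webrick_affected?(v)] }
end

# Constructed sample lockfile, not taken from any real project.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      example-server (0.1.0)
        webrick (~> 1.6)
      webrick (1.6.0)

  DEPENDENCIES
    example-server
LOCK

if __FILE__ == $PROGRAM_NAME
  audit_webrick(SAMPLE_LOCK).each do |version, affected|
    puts "webrick #{version}: #{affected ? 'affected, upgrade to 1.6.1 or above' : 'ok'}"
  end
end
```

To audit a real project, pass `File.read("Gemfile.lock")` to `audit_webrick`.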