High severityNVD Advisory· Published Jun 1, 2020· Updated Aug 4, 2024
CVE-2020-7659
CVE-2020-7659
Description
reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
reelRubyGems | <= 0.6.1 | — |
Affected products
2- reel/reeldescription
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-x3v4-pxvm-63j8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7659ghsaADVISORY
- snyk.io/vuln/SNYK-RUBY-REEL-569135ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.