High severityOSV Advisory· Published Sep 22, 2024· Updated Apr 15, 2026
CVE-2024-47220
CVE-2024-47220
Description
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
webrickRubyGems | < 1.8.2 | 1.8.2 |
Affected products
39- osv-coords38 versionspkg:apk/chainguard/kube-fluentd-operatorpkg:apk/chainguard/kube-fluentd-operator-compatpkg:apk/chainguard/kube-fluentd-operator-default-configpkg:apk/chainguard/kube-fluentd-operator-oci-entrypointpkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.1-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.2-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.2-webrickpkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16pkg:apk/chainguard/ruby3.4-fluentd-kubernetes-daemonset-1.16-kinesispkg:apk/wolfi/kube-fluentd-operatorpkg:apk/wolfi/kube-fluentd-operator-compatpkg:apk/wolfi/kube-fluentd-operator-default-configpkg:apk/wolfi/kube-fluentd-operator-oci-entrypointpkg:apk/wolfi/ruby3.2-webrickpkg:gem/webrickpkg:rpm/opensuse/ruby2.5&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/ruby2.1&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5pkg:rpm/suse/ruby2.5&distro=SUSE%20Enterprise%20Storage%207.1pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/ruby2.5&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Proxy%204.3pkg:rpm/suse/ruby2.5&distro=SUSE%20Manager%20Server%204.3
< 1.18.2-r33+ 37 more
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.8.2-r0
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.16.6.1.2-r1
- (no CPE)range: < 1.16.6.1.2-r2
- (no CPE)range: < 1.16.6.1.2-r2
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.18.2-r33
- (no CPE)range: < 1.8.2-r0
- (no CPE)range: < 1.8.2
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.1.9-19.9.1
- (no CPE)range: < 2.1.9-19.9.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150700.24.3.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
- (no CPE)range: < 2.5.9-150000.4.36.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-6f62-3596-g6w7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-47220ghsaADVISORY
- github.com/ruby/webrick/commit/f5faca9222541591e1a7c3c97552ebb0c92733c7ghsaWEB
- github.com/ruby/webrick/issues/145nvdWEB
- github.com/ruby/webrick/issues/145nvdWEB
- github.com/ruby/webrick/issues/145nvdWEB
- github.com/ruby/webrick/pull/146/commits/d88321da45dcd230ac2b4585cad4833d6d5e8841nvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/webrick/CVE-2024-47220.ymlghsaWEB
News mentions
0No linked articles in our index yet.