VYPR
High severityOSV Advisory· Published Sep 22, 2024· Updated Apr 15, 2026

CVE-2024-47220

CVE-2024-47220

Description

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
webrickRubyGems
< 1.8.21.8.2

Affected products

39

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.