Index: vuln-2012.xml =================================================================== --- vuln-2012.xml (revision 566486) +++ vuln-2012.xml (working copy) @@ -8885,7 +8885,7 @@ jruby - 1.6.5.1 + 9.2.12.0 ruby @@ -8953,7 +8953,7 @@ 2011-12-28 2012-01-16 - 2012-01-20 + 2021-02-24 Index: vuln-2018.xml =================================================================== --- vuln-2018.xml (revision 566486) +++ vuln-2018.xml (working copy) @@ -8481,6 +8481,10 @@ ruby -- multiple vulnerabilities + jruby + 9.2.12.0 + + ruby 2.3.0,12.3.7,1 2.4.0,12.4.4,1 @@ -8561,6 +8565,7 @@ 2018-03-28 2018-03-29 + 2021-02-24 Index: vuln-2019.xml =================================================================== --- vuln-2019.xml (revision 566486) +++ vuln-2019.xml (working copy) @@ -2439,6 +2439,10 @@ ruby -- multiple vulnerabilities + jruby + 9.2.12.0 + + ruby 2.4.0,12.4.9,1 2.5.0,12.5.7,1 @@ -2490,6 +2494,7 @@ 2019-10-01 2019-10-02 + 2021-02-24 Index: vuln.xml =================================================================== --- vuln.xml (revision 566486) +++ vuln.xml (working copy) @@ -78,6 +78,46 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + ruby -- Potential HTTP Request Smuggling Vulnerability in WEBrick + + + jruby + 9.2.12.0 + + + rubygem-webrick + 1.6.0 + + + ruby + 2.7.02.7.1 + 2.6.02.6.6 + 2.5.8 + + + + +

Ruby news:

+
+

+ WEBrick was too tolerant against an invalid Transfer-Encoding header. + This may lead to inconsistent interpretation between WEBrick and some + HTTP proxy servers, which may allow the attacker to "smuggle" a request. +

+
+ +
+ + https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/ + https://cwe.mitre.org/data/definitions/444.html + + + 2020-09-29 + 2021-02-24 + +
+ redis -- Integer overflow on 32-bit systems
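Review bot: In vuln-2012.xml, the hunk at -8885 raises the existing jruby bound from 1.6.5.1 to 9.2.12.0, so the entry dated 2011-12-28 would now match every jruby release between those two versions. Confirm that the issue in that entry really remained unfixed in jruby up to 9.2.12.0. If the bound was meant only for the newer entries, keep 1.6.5.1 and drop the modified-date change to 2021-02-24 in the second hunk of that file.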
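Review bot: The jruby block added to the "ruby -- multiple vulnerabilities" entries in vuln-2018.xml (-8481) and vuln-2019.xml (-2439) uses the same 9.2.12.0 bound as the new WEBrick entry, and nothing in the patch says where that version comes from. These entries cover different sets of issues, so one jruby release fixing all of them needs a source. Name the jruby release note or changelog that justifies 9.2.12.0 for each entry in the commit message, or use per-entry bounds if they differ.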
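Review bot: In the new WEBrick entry in vuln.xml (-78), the references contain only the two URLs, and the CVE id appears only inside the ruby-lang.org link (cve-2020-25613). Add a cvename reference for CVE-2020-25613 so the entry can be matched by CVE id. Also check the ruby ranges: the 2.7 and 2.6 branches each carry two versions, while the 2.5 branch has only 2.5.8, so make sure that branch's range is expressed as intended.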