CVE-2020-7659

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7659

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7659.json

Aliases

GHSA-x3v4-pxvm-63j8
SNYK-RUBY-REEL-569135

Published

2020-06-01T13:15:10Z

Modified

2023-11-29T08:35:36.201485Z

Details

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TE:CL smuggling attacks. Note: This project is deprecated, and is not maintained any more.

References

https://snyk.io/vuln/SNYK-RUBY-REEL-569135

Affected packages

Git / github.com/celluloid/reel

Affected ranges

Type: GIT
Repo: https://github.com/celluloid/reel
Events: Introduced

0The exact introduced commit is unknown

Last affected

99d184d5502bff5ba8a16f6ce7fd89161f62f183

Affected versions

v0.*

v0.0.1

v0.0.2

v0.1.0

v0.2.0

v0.2.0.pre

v0.3.0

v0.3.0.pre

v0.4.0

v0.4.0.pre

v0.4.0.pre2

v0.4.0.pre3

v0.4.0.pre4

v0.4.0.pre5

v0.4.0.pre6

v0.4.0.pre7

v0.5.0

v0.5.0.pre

v0.6.0

v0.6.1