An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "libruby2.3" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "libruby2.3-dbg" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "libruby2.3-dbgsym" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-dbgsym" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-dev" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-dev-dbgsym" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-doc" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-tcltk" }, { "binary_version": "2.3.1-2~ubuntu16.04.15", "binary_name": "ruby2.3-tcltk-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "libruby2.5" }, { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "libruby2.5-dbgsym" }, { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "ruby2.5" }, { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "ruby2.5-dbgsym" }, { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "ruby2.5-dev" }, { "binary_version": "2.5.1-1ubuntu1.8", "binary_name": "ruby2.5-doc" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "libruby2.7" }, { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "libruby2.7-dbgsym" }, { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "ruby2.7" }, { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "ruby2.7-dbgsym" }, { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "ruby2.7-dev" }, { "binary_version": "2.7.0-5ubuntu1.3", "binary_name": "ruby2.7-doc" } ] }