Ruby Programming Language Webrick
By the Year
In 2026 there have been 0 vulnerabilities in Ruby Programming Language Webrick. Last year, in 2025, Webrick had 1 security vulnerability published. Right now, Webrick is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.90 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
| 2019 | 1 | 5.50 |
It may take a day or so for new Webrick vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ruby Programming Language Webrick Security Vulnerabilities
Ruby WEBrick HTTP RQ Smuggling via read_headers CVE-2025-6442
CVE-2025-6442
5.9 - Medium
- June 25, 2025
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected installations of Ruby WEBrick. This issue is exploitable when the product is deployed behind an HTTP proxy that fulfills specific conditions. The specific flaw exists within the read_headers method. The issue results from the inconsistent parsing of terminators of HTTP headers. An attacker can leverage this vulnerability to smuggle arbitrary HTTP requests. Was ZDI-CAN-21876.
HTTP Request Smuggling
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1
CVE-2020-25613
7.5 - High
- October 06, 2020
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
HTTP Request Smuggling
The WEBrick gem 1.4.2 for Ruby
CVE-2019-11879
5.5 - Medium
- May 10, 2019
The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem."
Directory traversal