Ruby Programming Language Webrick
By the Year
In 2023 there have been 0 vulnerabilities in Ruby Programming Language Webrick. Webrick did not have any published security vulnerabilities last year.
It may take a day or so for new Webrick vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Ruby Programming Language Webrick Security Vulnerabilities
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1
7.5 - High
- October 06, 2020
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
HTTP Request Smuggling
** DISPUTED ** The WEBrick gem 1.4.2 for Ruby
5.5 - Medium
- May 10, 2019
** DISPUTED ** The WEBrick gem 1.4.2 for Ruby allows directory traversal if the attacker once had local access to create a symlink to a location outside of the web root directory. NOTE: The vendor states that this is analogous to Options FollowSymlinks in the Apache HTTP Server, and therefore it is "not a problem."
insecure temporary file