CVE-2020-25613 in Ruby Programming Language and Fedora Project Products
Published on October 6, 2020

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-25613

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-25613 are published in these products:

Ruby Programming Language Ruby Language

Ruby Programming Language Webrick

Fedora Project Fedora

Exploit Probability

EPSS

0.27%

Percentile

50.23%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-25613 in Ruby Programming Language and Fedora Project ProductsPublished on October 6, 2020

Products Associated with CVE-2020-25613

Exploit Probability

CVE-2020-25613 in Ruby Programming Language and Fedora Project Products
Published on October 6, 2020