CVE-2024-47220

Published: Sep 22, 2024 | Modified: Jan 09, 2025
Source      CVSS 3.x                                                        CVSS 2.x
NVD         N/A
RedHat/V2
RedHat/V3   7.5 MODERATE  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Ubuntu      MEDIUM

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., GET /admin HTTP/1.1\r\n inside of a POST /user HTTP/1.1\r\n request. NOTE: the supplier's position is that WEBrick should not be used in production.

Affected Software

Name           Vendor   Start Version     End Version
Ruby-webrick   Ubuntu   devel             *
Ruby-webrick   Ubuntu   esm-apps/jammy    *
Ruby-webrick   Ubuntu   jammy             *
Ruby-webrick   Ubuntu   noble             *
Ruby-webrick   Ubuntu   oracular          *

References