📂 Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Findings
Details
🔴CVE-2024-47220
Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Dependency Hierarchy:
Vulnerability Details
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Publish Date: Sep 22, 2024 12:00 AM
URL: CVE-2024-47220
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🔴CVE-2025-6442
Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Dependency Hierarchy:
Vulnerability Details
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
Publish Date: Jun 25, 2025 04:52 PM
URL: CVE-2025-6442
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.3
Suggested Fix
Type: Upgrade version
Origin: ruby/webrick@ee60354
Release Date: Jun 22, 2025 09:00 PM
Fix Resolution : webrick - 1.8.2,https://github.com/ruby/webrick.git - v1.8.2
📂 Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Findings
Details
🔴CVE-2024-47220
Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Dependency Hierarchy:
❌ webrick-1.8.1.gem (Vulnerable Library)
google-cloud-storage-1.45.0.gem (Root Library)
Vulnerability Details
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
Publish Date: Sep 22, 2024 12:00 AM
URL: CVE-2024-47220
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.7
Suggested Fix
Type: Upgrade version
Origin:
Release Date:
Fix Resolution :
🔴CVE-2025-6442
Vulnerable Library - webrick-1.8.1.gem
WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.
Library home page: https://rubygems.org/gems/webrick-1.8.1.gem
Path to dependency file: /Gemfile.lock
Path to vulnerable library: /vendor/cache/webrick-1.8.1.gem
Dependency Hierarchy:
❌ webrick-1.8.1.gem (Vulnerable Library)
google-cloud-storage-1.45.0.gem (Root Library)
Vulnerability Details
Ruby WEBrick read_header HTTP Request Smuggling Vulnerability
Publish Date: Jun 25, 2025 04:52 PM
URL: CVE-2025-6442
Threat Assessment
Exploit Maturity:Not Defined
EPSS:< 1%
Score: 8.3
Suggested Fix
Type: Upgrade version
Origin: ruby/webrick@ee60354
Release Date: Jun 22, 2025 09:00 PM
Fix Resolution : webrick - 1.8.2,https://github.com/ruby/webrick.git - v1.8.2