An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "libruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.15", "ruby2.3-tcltk": "2.3.1-2~ubuntu16.04.15", "ruby2.3-dev-dbgsym": "2.3.1-2~ubuntu16.04.15", "libruby2.3-dbg": "2.3.1-2~ubuntu16.04.15", "ruby2.3-dev": "2.3.1-2~ubuntu16.04.15", "ruby2.3-dbgsym": "2.3.1-2~ubuntu16.04.15", "libruby2.3": "2.3.1-2~ubuntu16.04.15", "ruby2.3-tcltk-dbgsym": "2.3.1-2~ubuntu16.04.15", "ruby2.3": "2.3.1-2~ubuntu16.04.15", "ruby2.3-doc": "2.3.1-2~ubuntu16.04.15" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "ruby2.5": "2.5.1-1ubuntu1.8", "ruby2.5-dbgsym": "2.5.1-1ubuntu1.8", "libruby2.5": "2.5.1-1ubuntu1.8", "libruby2.5-dbgsym": "2.5.1-1ubuntu1.8", "ruby2.5-dev": "2.5.1-1ubuntu1.8", "ruby2.5-doc": "2.5.1-1ubuntu1.8" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "low", "binaries": [ { "ruby2.7-doc": "2.7.0-5ubuntu1.3", "ruby2.7-dbgsym": "2.7.0-5ubuntu1.3", "ruby2.7": "2.7.0-5ubuntu1.3", "libruby2.7": "2.7.0-5ubuntu1.3", "libruby2.7-dbgsym": "2.7.0-5ubuntu1.3", "ruby2.7-dev": "2.7.0-5ubuntu1.3" } ] }