Sha256: d634609b773151e215b6533ce1fe73608a6871262ed374014182f1e4447f94b8

Contents?: true

Size: 688 Bytes

Versions: 1

Stored size: 688 Bytes

Contents

---
engine: ruby
cve: 2019-16254
url: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
title: HTTP response splitting in WEBrick (Additional fix)
date: 2019-10-01
description: |
  If a program using WEBrick inserts untrusted input into the response header,
  an attacker can exploit it to insert a newline character to split a header,
  and inject malicious content to deceive clients.

  This is the same issue as CVE-2017-17742. The previous fix was incomplete,
  which addressed the CRLF vector, but did not address an isolated CR or an
  isolated LF.
patched_versions:
  - "~> 2.4.8"
  - "~> 2.5.7"
  - "~> 2.6.5"
  - "> 2.7.0-preview1"

Version data entries

1 entry across 1 version & 1 rubygem

Version: bundler-audit-0.7.0.1
Path: data/ruby-advisory-db/rubies/ruby/CVE-2019-16254.yml