fix(deps): upgrade webrick dep (#1441)
An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."
lamcodeofpwnosec authored Oct 28, 2024
1 parent 0d6f07b commit 30b0a84
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion docs/Gemfile.lock
Expand Up @@ -265,7 +265,7 @@ GEM
unf_ext (0.0.9.1)
unicode-display_width (1.8.0)
uri (0.13.0)
webrick (1.8.1)
webrick (1.8.2)

PLATFORMS
ruby
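
Review bot: Only docs/Gemfile.lock is touched, so the webrick 1.8.2 entry at the changed line is not backed by any version floor visible in this change. If webrick is declared directly in docs/Gemfile, add a constraint such as `>= 1.8.2` there so a regenerated lockfile cannot resolve back into the "through 1.8.1" range the commit message describes; if it is only pulled in transitively, note that in the message. The message also quotes the advisory text without naming its identifier, which makes the fix harder to trace later, so reference the advisory it comes from.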

0 comments on commit 30b0a84
