MGASA-2020-0423

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2020-25613

Published: 13 Nov 2020, 21:20

Last modified:16 Apr 2026, 04:42

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

13 Nov 2020, 21:20

Published

Vulnerability first disclosed

16 Apr 2026, 04:42

Last Modified

Vulnerability information updated

Description

Updated ruby packages fix a security vulnerability A potential HTTP request smuggling vulnerability in WEBrick was reported. WEBrick was too tolerant against an invalid Transfer-Encoding header. This may lead to inconsistent interpretation between WEBrick and some HTTP proxy servers, which may allow the attacker to “smuggle” a request (CVE-2020-25613).

Affected Systems

mageia•ruby
< 2.5.8-22.mga7

References (3)

https://advisories.mageia.org/MGASA-2020-0423.html
https://bugs.mageia.org/show_bug.cgi?id=27401
https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/