CVE-2024-47220

Summary

CVE-2024-47220 is a high-severity vulnerability identified in the WEBrick toolkit for Ruby, specifically affecting versions up to 1.8.1. This vulnerability allows for HTTP request smuggling by permitting both a Content-Length and Transfer-Encoding header to be included in an HTTP request, potentially enabling attackers to manipulate or intercept requests. Organizations using affected products, such as those identified with the IDs 'y1Q-8u' and 'y02Idh', face significant risks as this flaw could lead to unauthorized access and data integrity issues without requiring user interaction. To mitigate this risk, it is recommended that WEBrick not be used in production environments, as stated by the supplier. Additionally, organizations should implement network security measures to detect and prevent exploitation attempts related to this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.