Skip to content

chore(deps): update dependency webrick to v1.8.2 [security]#1270

Merged
andrewpollock merged 1 commit intogoogle:mainfrom
renovate-bot:renovate/rubygems-webrick-vulnerability
Sep 24, 2024
Merged

chore(deps): update dependency webrick to v1.8.2 [security]#1270
andrewpollock merged 1 commit intogoogle:mainfrom
renovate-bot:renovate/rubygems-webrick-vulnerability

Conversation

@renovate-bot
Copy link
Copy Markdown
Collaborator

@renovate-bot renovate-bot commented Sep 24, 2024

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
webrick 1.8.1 -> 1.8.2 age adoption passing confidence

HTTP Request Smuggling in ruby webrick

CVE-2024-47220 / GHSA-6f62-3596-g6w7

More information

Details

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the supplier's position is "Webrick should not be used in production."

Severity

  • CVSS Score: 7.5 / 10 (High)
  • Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).

Release Notes

ruby/webrick (webrick)

v1.8.2

Compare Source

What's Changed

New Contributors

Full Changelog: ruby/webrick@v1.8.1...v1.8.2

Configuration

📅 Schedule: Branch creation - "" in timezone Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added the dependencies Pull requests that update a dependency file label Sep 24, 2024
@codecov-commenter
Copy link
Copy Markdown

codecov-commenter commented Sep 24, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 68.39%. Comparing base (1cde7f4) to head (6306953).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #1270   +/-   ##
=======================================
  Coverage   68.38%   68.39%           
=======================================
  Files         175      175           
  Lines       16784    16784           
=======================================
+ Hits        11478    11479    +1     
+ Misses       4676     4675    -1     
  Partials      630      630

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@andrewpollock andrewpollock merged commit 6d17d98 into google:main Sep 24, 2024
@renovate-bot renovate-bot deleted the renovate/rubygems-webrick-vulnerability branch September 24, 2024 07:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@andrewpollock andrewpollock andrewpollock approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renovate-bot @codecov-commenter @andrewpollock