Ruby · Webrick · CVE-2024-47220
**Name of the Vulnerable Software and Affected Versions**
WEBrick toolkit versions through 1.8.1
**Description**
An issue was discovered in the WEBrick toolkit for Ruby, allowing HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header. This can be achieved, for example, by including "GET /admin HTTP/1.1\r\n" inside a "POST /user HTTP/1.1\r\n" request. The supplier's position is that WEBrick should not be used in production.
**Recommendations**
For WEBrick toolkit versions through 1.8.1, consider rejecting HTTP requests that carry both a Content-Length header and a Transfer-Encoding header as a temporary workaround until a patch is available. Restrict access to sensitive areas of the application to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
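One way to apply the workaround above, as an added example that is not WEBrick's or the advisory's own code: a Ruby check over the raw request head that rejects any request carrying both headers and, going one step beyond the advisory, also rejects conflicting duplicate Content-Length values. The function names and the sample request heads are constructed for this illustration.

```ruby
# Added example (not WEBrick's own code): reject the Content-Length /
# Transfer-Encoding ambiguity behind CVE-2024-47220 before a request reaches
# the application. Assumed: a front-end filter sees the raw request head
# (request line plus headers, up to the blank line).

# Parse a raw HTTP/1.1 request head into a Hash of
# lowercased field name => array of values (a field may repeat).
def parse_headers(raw_head)
  headers = Hash.new { |h, k| h[k] = [] }
  lines = raw_head.split("\r\n")
  lines.shift # drop the request line
  lines.each do |line|
    break if line.empty? # end of the header block
    name, value = line.split(":", 2)
    next if value.nil? # malformed line, ignore here
    headers[name.strip.downcase] << value.strip
  end
  headers
end

# Return nil when message framing is unambiguous, otherwise a reason string;
# a caller would answer 400 Bad Request and close the connection.
def framing_conflict(raw_head)
  h = parse_headers(raw_head)
  cl = h["content-length"]
  te = h["transfer-encoding"]
  return "both Content-Length and Transfer-Encoding present" if !cl.empty? && !te.empty?
  return "multiple differing Content-Length values" if cl.uniq.size > 1
  return "non-numeric Content-Length" if cl.any? { |v| v !~ /\A\d+\z/ }
  nil
end

# Constructed sample heads (no bodies) used only to exercise the check.
AMBIGUOUS_HEAD = "POST /user HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
PLAIN_HEAD     = "POST /user HTTP/1.1\r\nHost: example\r\nContent-Length: 4\r\n\r\n"
CHUNKED_HEAD   = "POST /user HTTP/1.1\r\nHost: example\r\ntransfer-encoding: chunked\r\n\r\n"

if __FILE__ == $0
  [AMBIGUOUS_HEAD, PLAIN_HEAD, CHUNKED_HEAD].each do |head|
    puts "#{head.lines.first.strip}: #{framing_conflict(head) || 'ok'}"
  end
end
```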