Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
ruby2.1
CVE-2024-47220.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2024-47220.patch of Package ruby2.1
diff -ru ruby-2.1.9.orig/lib/webrick/httprequest.rb ruby-2.1.9/lib/webrick/httprequest.rb --- ruby-2.1.9.orig/lib/webrick/httprequest.rb 2024-10-29 13:40:11.865094013 +0100 +++ ruby-2.1.9/lib/webrick/httprequest.rb 2024-10-29 13:40:55.129540898 +0100 @@ -473,6 +473,10 @@ def read_body(socket, block) return unless socket if tc = self['transfer-encoding'] + if self['content-length'] + raise HTTPStatus::BadRequest, "request with both transfer-encoding and content-length, possible request smuggling" + end + case tc when /\Achunked\z/io then read_chunked(socket, block) else raise HTTPStatus::NotImplemented, "Transfer-Encoding: #{tc}."
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
