Skip to content

webrick-1.9.2.gem: 1 vulnerabilities (highest severity is: 7.5) #11817

Description

@mend-bolt-for-github
Vulnerable Library - webrick-1.9.2.gem

WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.

Library home page: https://rubygems.org/gems/webrick-1.9.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/webrick-1.9.2.gem

Found in HEAD commit: da0c9c84fdbc82b3b8e2221482a86225136e26be

Vulnerabilities

Vulnerability Severity CVSS Dependency Type Fixed in (webrick version) Remediation Possible**
CVE-2026-38969 High 7.5 webrick-1.9.2.gem Direct N/A

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

CVE-2026-38969

Vulnerable Library - webrick-1.9.2.gem

WEBrick is an HTTP server toolkit that can be configured as an HTTPS server, a proxy server, and a virtual-host server.

Library home page: https://rubygems.org/gems/webrick-1.9.2.gem

Path to dependency file: /Gemfile.lock

Path to vulnerable library: /tmp/containerbase/cache/.ruby/cache/webrick-1.9.2.gem

Dependency Hierarchy:

  • webrick-1.9.2.gem (Vulnerable Library)

Found in HEAD commit: da0c9c84fdbc82b3b8e2221482a86225136e26be

Found in base branch: main

Vulnerability Details

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling.

Publish Date: 2026-07-02

URL: CVE-2026-38969

CVSS 3 Score Details (7.5)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: High
    • Availability Impact: None

For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with Mend here

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    Status
    Inbox

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions