HTTP Request Smuggling in reel

GHSA-x3v4-pxvm-63j8 · CVE-2020-7659

Published May 24, 2021 · Modified Mar 13, 2026

Description

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as valid which could be leveraged for TECL smuggling attacks. Note, This project is deprecated, and is not maintained any more.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-7659
PACKAGE https://github.com/celluloid/reel
WEB https://snyk.io/vuln/SNYK-RUBY-REEL-569135

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes