Cyber Resilience

CVE-2024-47220

N/A

Published: 22 September 2024

Published
22 September 2024
Modified
15 April 2026
KEV Added
Patch
CVSS Score N/A
EPSS Score 0.0011 28.6th percentile
Risk Priority 0 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-47220 is a uncategorised-severity an unspecified weakness vulnerability. Its CVSS base score is N/A.

Operationally, ranked at the 28.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

An issue was discovered in the WEBrick toolkit through 1.8.1 for Ruby. It allows HTTP request smuggling by providing both a Content-Length header and a Transfer-Encoding header, e.g., "GET /admin HTTP/1.1\r\n" inside of a "POST /user HTTP/1.1\r\n" request. NOTE: the…

more

supplier's position is "Webrick should not be used in production."

CWE(s)
None listed

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References