iodine is a fast HTTP / Websocket Server with built-in Pub/Sub support (with or without Redis), static file support and many other features, optimized for Ruby MRI on Linux / BSD / macOS.
Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect parsing of the Content-Length and Transfer-Encoding headers.
Because of insufficient Transfer-Encoding parsing, it could be possible to conduct HTTP request smuggling attacks where iodine is used as part of a chain of backend servers.
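The Ruby sketch below is an added example, not iodine's parser or code from the advisory. It shows a strict framing check a front end or test harness can run on a raw request head so that every server in the chain agrees on where the body ends. It goes beyond the page by applying the message-length rules of RFC 7230 section 3.3.3 more strictly than the RFC requires; the name `framing_verdict`, the host `app.example` and the sample requests are constructed for illustration.

```ruby
# Added example: strict request-framing check, not iodine's parser.
# Returns :ok, or a symbol naming why two servers could disagree on the body length.
def framing_verdict(raw_head)
  lines = raw_head.split("\r\n")
  lines.shift                                   # drop the request line
  cl_values = []
  te_values = []

  lines.each do |line|
    break if line.empty?                        # blank line ends the header block
    return :bare_newline if line.match?(/[\r\n]/)
    return :folded_header if line.start_with?(" ", "\t")
    name, value = line.split(":", 2)
    # "Name : value" or a line with no colon is read differently by different parsers.
    return :malformed_header if value.nil? || !name.match?(/\A[\x21-\x7E]+\z/)

    case name.downcase
    when "content-length"    then cl_values << value.strip
    when "transfer-encoding" then te_values << value.strip.downcase
    end
  end

  return :te_and_cl if cl_values.any? && te_values.any?
  return :bad_content_length unless cl_values.all? { |v| v.match?(/\A\d+\z/) }
  return :conflicting_content_length if cl_values.uniq.size > 1
  # Strict policy (assumption): accept only a single header whose value is exactly "chunked".
  return :te_not_chunked if te_values.any? && te_values != ["chunked"]
  :ok
end

# Constructed request heads for illustration, not captured traffic.
SAMPLES = {
  "plain"       => "POST /a HTTP/1.1\r\nHost: app.example\r\nContent-Length: 5\r\n\r\nhello",
  "chunked"     => "POST /a HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked\r\n\r\n",
  "cl_and_te"   => "POST /a HTTP/1.1\r\nContent-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
  "two_lengths" => "POST /a HTTP/1.1\r\nContent-Length: 5\r\nContent-Length: 6\r\n\r\n",
  "spaced_name" => "POST /a HTTP/1.1\r\nTransfer-Encoding : chunked\r\n\r\n",
  "odd_coding"  => "POST /a HTTP/1.1\r\nTransfer-Encoding: xchunked\r\n\r\n"
}

SAMPLES.each { |label, head| puts "#{label}: #{framing_verdict(head)}" } if __FILE__ == $0
```

Any verdict other than `:ok` marks a request that should be rejected with a 400 and the connection closed rather than forwarded.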
Upgrade iodine to version 0.7.39 or higher.
- Snyk Security Team
- Snyk ID
- 18 May, 2020
- 08 Jun, 2020