
I didn't find a short answer to my question. CVE-2019-16201 was a vulnerability in WEBrick on Ruby; was Ruby on Rails affected by this vulnerability as well?

I say yes because I found that Ruby on Rails used WEBrick, as mentioned here.

I say no because on CVE-2019-16201 I don't find any reference to Ruby on Rails, and I believe that this vulnerability was crucial and must have been mentioned here.

I hope the answer is yes, because I have to reproduce this vulnerability in an environment, and it would be easier to do so, I believe, using Ruby on Rails.

Thanks to all of you.

Epsylon

1 Answer


Please note that this is not a Rails vulnerability but rather a vulnerability in the WEBrick library that ships with Ruby (Rails is not a requirement to use this library).

So if your Rails application is:

  • using WEBrick as its HTTP server; and
  • running on one of the affected versions; and
  • using digest authentication provided by WEBrick

then I would say yes, the Rails application is vulnerable.

engineersmnky
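The three conditions in the answer above, written as a check that can be run over an application inventory. This is an added example, not part of the original posts; `webrick_exposure`, its parameters and the sample inputs are hypothetical, and the affected-version range is a constructed placeholder that must be replaced with the ranges published in the CVE-2019-16201 advisory.

```ruby
# Added example: evaluates the answer's three conditions for one application.
# PLACEHOLDER_AFFECTED is constructed, NOT the real affected range; copy the
# real Ruby version ranges from the CVE-2019-16201 advisory before use.
PLACEHOLDER_AFFECTED = [Gem::Requirement.new(">= 9.9.0", "< 9.9.5")].freeze

# Constant that application code references when it enables WEBrick digest auth.
DIGEST_AUTH = /WEBrick::HTTPAuth::DigestAuth\b/

# True if any source file references DigestAuth outside a full-line comment.
# sources: { "path" => "file contents" }
def uses_digest_auth?(sources)
  sources.any? do |_path, text|
    text.each_line.any? { |l| !l.match?(/^\s*#/) && l.match?(DIGEST_AUTH) }
  end
end

# Returns each condition separately plus the overall verdict, so a report can
# show which condition cleared an application.
# http_server is supplied by the caller (for example from deployment config).
def webrick_exposure(ruby_version:, http_server:, sources:, affected:)
  version = Gem::Version.new(ruby_version)
  checks = {
    webrick_server: http_server.to_s.casecmp?("webrick"),
    affected_ruby:  affected.any? { |req| req.satisfied_by?(version) },
    digest_auth:    uses_digest_auth?(sources)
  }
  checks.merge(vulnerable: checks.values.all?)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: one file that wires up digest authentication.
  sample = { "config/auth.rb" => "auth = WEBrick::HTTPAuth::DigestAuth.new(cfg)\n" }
  %w[WEBrick puma].each do |server|
    result = webrick_exposure(ruby_version: "9.9.3", http_server: server,
                              sources: sample, affected: PLACEHOLDER_AFFECTED)
    puts "#{server}: #{result}"
  end
end
```

All three conditions must hold for `vulnerable` to be true, so an application served by another HTTP server is reported as not exposed through this path even on an affected Ruby.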