HCE1-SA-2022-0034 Important HCE 1.1 Security Fix(es): An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack. (CVE-2020-25613) CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. (CVE-2021-41819) HCE 1.1 rubygems-2.0.14.1-37.hce1c.noarch.rpm rubygem-bigdecimal-1.2.0-37.hce1c.x86_64.rpm rubygem-io-console-0.4.2-37.hce1c.x86_64.rpm rubygem-json-1.7.7-37.hce1c.x86_64.rpm rubygem-psych-2.0.0-37.hce1c.x86_64.rpm rubygem-rdoc-4.0.0-37.hce1c.noarch.rpm ruby-2.0.0.648-37.hce1c.x86_64.rpm ruby-irb-2.0.0.648-37.hce1c.noarch.rpm ruby-libs-2.0.0.648-37.hce1c.x86_64.rpm