Yusuke Endoh

2 exploits Active since Oct 2020
CVE-2020-25613 WRITEUP HIGH WRITEUP
Ruby WEBrick < 1.6.0 - HTTP Request Smuggling via Transfer-Encoding Header
An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick, a simple HTTP server bundled with Ruby, had not checked the transfer-encoding header value rigorously. An attacker may potentially exploit this issue to bypass a reverse proxy (which also has a poor header check), which may lead to an HTTP Request Smuggling attack.
CVSS 7.5
CVE-2021-32066 WRITEUP HIGH WRITEUP
Ruby < 2.6.7, 2.7.x < 2.7.3, 3.x < 3.0.1 - TLS Protection Bypass via StartTLS Stripping
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a "StartTLS stripping attack."
CVSS 7.4