Update CVE-2011-3624.yml for Ruby vulnerabilities

jasnow · web-flow · commit bf6db1eb5f63 · 2026-02-25T10:50:47.000-05:00
Removed outdated patched version for Ruby 1.9.2 and updated notes regarding webrick's gem separation.
diff --git a/rubies/ruby/CVE-2011-3624.yml b/rubies/ruby/CVE-2011-3624.yml
@@ -13,7 +13,6 @@ description: |
 cvss_v2: 5.0
 cvss_v3: 5.3
 patched_versions:
-  - "~> 1.9.2"
   - ">= 3.0.0"
 related:
   url:
@@ -28,12 +27,3 @@ related:
     - https://github.com/advisories/GHSA-rc82-v3mm-rhj2
 notes: |
   - Ruby 3.0.0 was the release when webrick was moved into a separate gem.
-  - Did not find references to 1.8.7 fix.
-  - Found this in above 1.9.2 ChangeLog. Unclear if connected.
-    -- Fri Jun 24 19:57:30 2011  Hiroshi Nakamura  <nahi@ruby-lang.org>
-       * lib/webrick/httprequest.rb (setup_forwarded_info): Parsing request
-         header failed when the request is from 2 or more Apache reverse
-         proxies. It's said that all X-Forwarded-* headers will contain more
-        than one (comma-separated) value if the original request already
-        contained one of these headers.  Since we could use these values as
-        Host header, we choose the initial(first) value. See #4922.
