GHSA-5mgj-mvv8-46mw

Опубликовано: 17 мая 2022

Источник: github

Github: Прошло ревью

Описание

RubyGems does not verify SSL certificate

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

Ссылки

Пакеты

Наименование

rubygems-update

rubygems

Затронутые версииВерсия исправления

< 1.8.23

1.8.23

EPSS

Процентиль: 50%

0.00272

Низкий

CVE ID

CVE-2012-2126

Связанные уязвимости

CVE-2012-2126

ubuntu

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2126

redhat

около 13 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2126

nvd

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

CVE-2012-2126

debian

больше 11 лет назад

RubyGems before 1.8.23 does not verify an SSL certificate, which allow ...

ELSA-2013-1441

oracle-oval

больше 11 лет назад

ELSA-2013-1441: rubygems security update (MODERATE)

EPSS

Процентиль: 50%

0.00272

Низкий

CVE ID

CVE-2012-2126