GHSA-6wpv-cj6x-v3jw

Опубликовано: 13 мар. 2018

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

Ссылки

Пакеты

Наименование

http

rubygems

Затронутые версииВерсия исправления

< 0.7.3

0.7.3

EPSS

Процентиль: 55%

0.0032

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2015-1828

Дефекты

CWE-200

Связанные уязвимости

CVE-2015-1828

CVSS3: 5.9

ubuntu

больше 8 лет назад

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

CVE-2015-1828

CVSS3: 5.9

nvd

больше 8 лет назад

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.

CVE-2015-1828

CVSS3: 5.9

debian

больше 8 лет назад

The Ruby http gem before 0.7.3 does not verify hostnames in SSL connec ...

EPSS

Процентиль: 55%

0.0032

Низкий

5.9 Medium

CVSS3

CVE ID

CVE-2015-1828

Дефекты

CWE-200