Back to search
CVE-2012-2126
Published: Oct 1, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
55381
third-party-advisory
x_refsource_SECUNIA
USN-1582-1
vendor-advisory
x_refsource_UBUNTU
https://github.com/rubygems/rubygems/blob/1.8/History.txt
x_refsource_CONFIRM
RHSA-2013:1203
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=814718
x_refsource_MISC
[oss-security] 20120420 Re: CVE Request -- rubygems: Two security fixes in upstream v1.8.23 version
mailing-list
x_refsource_MLIST
RHSA-2013:1852
vendor-advisory
x_refsource_REDHAT
RHSA-2013:1441
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now