[RUBYSEC:RUBYGEMS-UPDATE-2012-2125] CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

Severity Medium
Affected Packages 1
Fixed Packages 1
CVEs 1

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which
makes it easier for remote attackers to observe or modify a gem during
installation via a man-in-the-middle attack.

Package                  Affected Version
pkg:gem/rubygems-update  < 1.8.23

Package                  Fixed Version
pkg:gem/rubygems-update  >= 1.8.23
ID
RUBYSEC:RUBYGEMS-UPDATE-2012-2125
Severity
medium
URL
https://nvd.nist.gov/vuln/detail/CVE-2012-2125
Published
2012-09-25T00:00:00
(12 years ago)
Modified
2023-05-11T19:34:28
(16 months ago)
Rights
RubySec Security Team
Other Advisories
Source
Security Advisory
ID
GHSA-228f-g3h7-3fj3
URL
https://github.com/advisories/GHSA-228f-g3h7-3fj3
Type      Package URL              Name / Product   Version
Fixed     pkg:gem/rubygems-update  rubygems-update  >= 1.8.23
Affected  pkg:gem/rubygems-update  rubygems-update  < 1.8.23