[RUBYSEC:RUBYGEMS-UPDATE-2012-2125] CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
Severity: Medium
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which
makes it easier for remote attackers to observe or modify a gem during
installation via a man-in-the-middle attack.
Package | Affected Version |
---|---|
pkg:gem/rubygems-update | < 1.8.23 |
Package | Fixed Version |
---|---|
pkg:gem/rubygems-update | >= 1.8.23 |
- ID: RUBYSEC:RUBYGEMS-UPDATE-2012-2125
- Severity: medium
- URL: https://nvd.nist.gov/vuln/detail/CVE-2012-2125
- Published: 2012-09-25T00:00:00 (12 years ago)
- Modified: 2023-05-11T19:34:28 (16 months ago)
- Rights: RubySec Security Team
- Other Advisories:
Source | ID | Name | URL |
---|---|---|---|
Security Advisory | GHSA-228f-g3h7-3fj3 | | https://github.com/advisories/GHSA-228f-g3h7-3fj3 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:gem/rubygems-update | | rubygems-update | >= 1.8.23 | | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | < 1.8.23 | | | |