[RUBYSEC:RUBYGEMS-UPDATE-2012-2126] CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

Severity: Medium
Affected Packages: 1
Fixed Packages: 1
CVEs: 1

RubyGems before 1.8.23 does not verify an SSL certificate, which allows
remote attackers to modify a gem during installation via a man-in-the-middle attack.

Package Affected Version: pkg:gem/rubygems-update < 1.8.23
Package Fixed Version: pkg:gem/rubygems-update >= 1.8.23
ID: RUBYSEC:RUBYGEMS-UPDATE-2012-2126
Severity: medium
URL: https://nvd.nist.gov/vuln/detail/CVE-2012-2126
Published: 2012-04-20T00:00:00
Modified: 2023-05-11T19:34:28
Rights: RubySec Security Team
Other Advisories
Source: Security Advisory; ID: GHSA-5mgj-mvv8-46mw; URL: https://github.com/advisories/GHSA-5mgj-mvv8-46mw

Fixed: Package URL pkg:gem/rubygems-update; Name / Product rubygems-update; Version >= 1.8.23
Affected: Package URL pkg:gem/rubygems-update; Name / Product rubygems-update; Version < 1.8.23