[RUBYSEC:RUBYGEMS-UPDATE-2012-2126] CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
- Severity: Medium
- Affected Packages: 1
- Fixed Packages: 1
- CVEs: 1

RubyGems before 1.8.23 does not verify an SSL certificate, which allows
remote attackers to modify a gem during installation via a man-in-the-middle attack.

Package | Affected Version |
---|---|
pkg:gem/rubygems-update | < 1.8.23 |

Package | Fixed Version |
---|---|
pkg:gem/rubygems-update | >= 1.8.23 |

- ID: RUBYSEC:RUBYGEMS-UPDATE-2012-2126
- Severity: medium
- URL: https://nvd.nist.gov/vuln/detail/CVE-2012-2126
- Published: 2012-04-20T00:00:00
- Modified: 2023-05-11T19:34:28
- Rights: RubySec Security Team

Other Advisories

Source | ID | Name | URL |
---|---|---|---|
Security Advisory | GHSA-5mgj-mvv8-46mw | | https://github.com/advisories/GHSA-5mgj-mvv8-46mw |

Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:gem/rubygems-update | | rubygems-update | >= 1.8.23 | | | |
Affected | pkg:gem/rubygems-update | | rubygems-update | < 1.8.23 | | | |