[USN-1582-1] RubyGems vulnerabilities
Severity
Medium
CVEs
2
RubyGems could be made to download and install malicious gem files.
John Firebaugh discovered that the RubyGems remote gem fetcher did not properly
verify SSL certificates. A remote attacker could exploit this to perform a man
in the middle attack to alter gem files being downloaded for installation.
(CVE-2012-2126)
John Firebaugh discovered that the RubyGems remote gem fetcher allowed
redirection from HTTPS to HTTP. A remote attacker could exploit this to perform
a machine-in-the-middle attack to alter gem files being downloaded for
installation. (CVE-2012-2125)
- ID
- USN-1582-1
- Severity
- medium
- Severity from
- CVE-2012-2125
- URL
- https://ubuntu.com/security/notices/USN-1582-1
- Published
-
2012-09-26T02:15:41
(12 years ago) - Modified
-
2012-09-26T02:15:41
(12 years ago) - Other Advisories
ALAS-2012-79
ELSA-2013-1441
FEDORA-2012-6132
RHSA-2013:1441
RUBYSEC:RUBYGEMS-UPDATE-2012-2125| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |