CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
Published: September 25, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-2125 (NVD)
- GHSA: GHSA-228f-g3h7-3fj3
- OSVDB: OSVDB-85809
GEM
LIBRARY
SEVERITY
CVSS v2.0: 5.8 (Medium)
PATCHED VERSIONS
>= 1.8.23
DESCRIPTION
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.