CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23
Published: April 20, 2012
SECURITY IDENTIFIERS
- CVE: CVE-2012-2126 (NVD)
- GHSA: GHSA-5mgj-mvv8-46mw
- OSVDB: OSVDB-81444
GEM
LIBRARY
SEVERITY
CVSS v2.0: 4.3 (Medium)
PATCHED VERSIONS
>= 1.8.23
DESCRIPTION
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.