CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client
Published: March 05, 2014
SECURITY IDENTIFIERS
- CVE: CVE-2014-0036 (NVD)
- GHSA: GHSA-ww79-8xwv-932x
- OSVDB: OSVDB-104080
GEM
SEVERITY
CVSS v2.0: 6.8 (Medium)
PATCHED VERSIONS
>= 0.0.24
DESCRIPTION
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.