RubySec

Providing security resources for the Ruby community

CVE-2014-0036 (rbovirt): CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client

ADVISORIES

GEM

rbovirt

SEVERITY

CVSS v2: 6.8

PATCHED VERSIONS

  • >= 0.0.24

DESCRIPTION

The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.