ADVISORIES
- OSVDB-115090
- Vendor Advisory
GEM
PATCHED VERSIONS
- >= 1.3.0.pre.8
DESCRIPTION
The Bundler gem for Ruby does not properly validate SSL certificates. By spoofing the SSL server with a certificate that appears valid, an attacker able to intercept network traffic (e.g. MiTM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.
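
To check a host against the patched range above, the following added example (not part of the advisory or of Bundler itself) parses `gem list` output and reports installed Bundler versions older than 1.3.0.pre.8. The sample output is constructed and the helper names are hypothetical; version comparison uses RubyGems' own `Gem::Version`, so prerelease segments such as `pre.10` and `pre.7` are ordered numerically rather than as strings.

```ruby
require "rubygems"

# Patched range taken from this advisory.
PATCHED = Gem::Requirement.new(">= 1.3.0.pre.8")

# Constructed sample of `gem list` output (not from a real host).
SAMPLE_GEM_LIST = <<~OUT
  bigdecimal (default: 3.1.3)
  bundler (default: 2.4.10, 1.3.0.pre.10, 1.3.0.pre.7, 1.2.5)
  rake (13.0.6)
OUT

# Hypothetical helper: pull the version strings off the "bundler (...)" line.
def bundler_versions(gem_list_output)
  line = gem_list_output.lines.find { |l| l =~ /\Abundler \(/ }
  return [] unless line
  line[/\((.*)\)/, 1]
    .split(",")
    .map { |v| v.sub("default:", "").strip }
    .reject(&:empty?)
end

# Hypothetical helper: installed versions that fall outside the patched range.
def unpatched_bundler_versions(gem_list_output)
  bundler_versions(gem_list_output)
    .select { |v| Gem::Version.correct?(v) }
    .reject { |v| PATCHED.satisfied_by?(Gem::Version.new(v)) }
end

if __FILE__ == $0
  bad = unpatched_bundler_versions(SAMPLE_GEM_LIST)
  if bad.empty?
    puts "No unpatched Bundler versions found"
  else
    puts "Unpatched Bundler versions installed: #{bad.join(', ')}"
  end
end
```

On a real host, pass the output of `gem list bundler` to `unpatched_bundler_versions` in place of the sample.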