- Vendor Advisory
- >= 1.3.0.pre.8
The Bundler gem for Ruby contains a flaw: SSL certificates are not properly validated. By spoofing the SSL server with a certificate that appears valid, an attacker who can intercept network traffic (e.g. MitM, DNS cache poisoning) can disclose and optionally manipulate transmitted data.