---
gem: rubygems-update
library: rubygems
cve: 2012-2125
osvdb: 85809
url: https://nvd.nist.gov/vuln/detail/CVE-2012-2125
title: |
  RubyGems HTTPS to HTTP Redirection MitM Downloaded Installation File
  Manipulation
date: 2012-09-25
description: |
  RubyGems contains a flaw that is triggered by the gem fetcher allowing for
  redirection of HTTPS to HTTP. This may allow a remote attacker to conduct a
  man-in-the-middle attack to alter downloaded gem installation files.
cvss_v2: 5.8
patched_versions:
  - ">= 1.8.23"