Sha256: 5ada1e1f7a7a6560679dfc1263196441445d59788d99b91db34c7be9c9e27a2c

Contents?: true

Size: 531 Bytes

Versions: 6

Compression:

Stored size: 531 Bytes

Contents

---
gem: bundler
osvdb: 115090
url: http://www.osvdb.org/show/osvdb/115090
title: Bundler Gem for Ruby Missing SSL Certificate Validation MitM Spoofing 
date: 2013-02-12
description: |
  Bundler Gem for Ruby contains a flaw as SSL certificates are not properly
  validated. By spoofing the SSL server via a certificate that appears valid,
  an attacker with the ability to intercept network traffic (e.g. MiTM, DNS
  cache poisoning) can disclose and optionally manipulate transmitted data. 
patched_versions:
  - ">= 1.3.0.pre.8"

Version data entries

6 entries across 6 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/bundler/OSVDB-115090.yml