Sha256: b44ab54bdb78524253e58ee4afa954a98447dece5efda1b5e0eff255906f87ef

Contents?: true

Size: 672 Bytes

Versions: 5

Compression:

Stored size: 672 Bytes

Contents

---
gem: rbovirt
cve: 2014-0036
osvdb: 104080
url: http://osvdb.org/show/osvdb/104080
title: rbovirt Gem for Ruby contains a flaw
date: 2014-03-05

description: |
  rbovirt Gem for Ruby contains a flaw related to certificate validation.
  The issue is due to the program failing to validate SSL certificates. This may
  allow an attacker with access to network traffic (e.g. MiTM, DNS cache
  poisoning) to spoof the SSL server via an arbitrary certificate that appears
  valid. Such an attack would allow for the interception of sensitive traffic,
  and potentially allow for the injection of content into the SSL stream.

cvss_v2: 6.8

patched_versions:
  - '>= 0.0.24'

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml
bundler-audit-0.6.1 data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml
bundler-audit-0.6.0 data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml
bundler-audit-0.5.0 data/ruby-advisory-db/gems/rbovirt/OSVDB-104080.yml