Sha256: deacbb9985231f5bfc395898272f31906a53a7bc82fb0695f4406bbc5e9b4339

Contents?: true

Size: 614 Bytes

Versions: 5

Compression:

Stored size: 614 Bytes

Contents

---
library: rubygems
cve: 2015-3900
osvdb: 122162
url: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-007/?fid=6356
title: |
  RubyGems remote_fetcher.rb api_endpoint() Function Missing SRV Record
  Hostname Validation Request Hijacking
date: 2015-05-14
description: |
  RubyGems contains a flaw in the api_endpoint() function in remote_fetcher.rb
  that is triggered when handling hostnames in SRV records. With a specially
  crafted response, a context-dependent attacker may conduct DNS hijacking
  attacks.
cvss_v2: 5.0
patched_versions:
  - ~> 2.0.16
  - ~> 2.2.4
  - ">= 2.4.7"

Version data entries

5 entries across 5 versions & 2 rubygems

Version              Path
bundler-budit-0.6.2  data/ruby-advisory-db/libraries/rubygems/CVE-2015-3900.yml
bundler-budit-0.6.1  data/ruby-advisory-db/libraries/rubygems/CVE-2015-3900.yml
bundler-audit-0.6.1  data/ruby-advisory-db/libraries/rubygems/CVE-2015-3900.yml
bundler-audit-0.6.0  data/ruby-advisory-db/libraries/rubygems/CVE-2015-3900.yml
bundler-audit-0.5.0  data/ruby-advisory-db/libraries/rubygems/CVE-2015-3900.yml