Sha256: f75f40ce4d67798fa929433e4e7b472c7fc8982f99a2ef25f9ad7478a6c9dcab

Contents?: true

Size: 493 Bytes

Versions: 5

Compression:

Stored size: 493 Bytes

Contents

---
library: rubygems
cve: 2012-2125
osvdb: 85809
url: http://www.osvdb.org/show/osvdb/85809
title: |
  RubyGems HTTPS to HTTP Redirection MitM Downloaded Installation File
  Manipulation
date: 2012-09-25
description: |
  RubyGems contains a flaw that is triggered by the gem fetcher allowing for
  redirection of HTTPS to HTTP. This may allow a remote attacker to conduct a
  man-in-the-middle attack to alter downloaded gem installation files.
cvss_v2: 5.8
patched_versions:
  - ">= 1.8.23"

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
bundler-budit-0.6.2 data/ruby-advisory-db/libraries/rubygems/OSVDB-85809.yml
bundler-budit-0.6.1 data/ruby-advisory-db/libraries/rubygems/OSVDB-85809.yml
bundler-audit-0.6.1 data/ruby-advisory-db/libraries/rubygems/OSVDB-85809.yml
bundler-audit-0.6.0 data/ruby-advisory-db/libraries/rubygems/OSVDB-85809.yml
bundler-audit-0.5.0 data/ruby-advisory-db/libraries/rubygems/OSVDB-85809.yml