Homepage
About Snyk

Man-in-the-Middle (MitM) Affecting rubygems-update package, versions <1.8.23

0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required

    Threat Intelligence

    EPSS 0.41% (74th percentile)
Expand this section
NVD
5.4 medium
Expand this section
Red Hat
4.8 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-RUBY-RUBYGEMSUPDATE-472658
  • published 14 Nov 2019
  • disclosed 19 Apr 2012
  • credit unknown
Report a new vulnerability Found a mistake?

Introduced: 19 Apr 2012

CVE-2012-2125 Open this link in a new tab
CWE-297 Open this link in a new tab

How to fix?

Upgrade rubygems-update to version 1.8.23 or higher.

Overview

rubygems-update is an inbuilt rubygem for updating rubygems.

Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). It can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.