RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | rubygems | 2012-05-21 16:48 | ALAS-2012-79 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.0 | AV:N/AC:H/Au:N/C:P/I:P/A:N |
NVD | CVSSv2 | 5.8 | AV:N/AC:M/Au:N/C:P/I:P/A:N |