Description
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
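The check the description says was missing, as an added example (not RubyGems' own code and not the project's fix): a client accepts a DNS SRV target only when it is the requested host itself or a subdomain of it, and otherwise keeps using the original host. The function names and sample hostnames are assumptions constructed for illustration.

```ruby
# Added example: validate a DNS SRV target before redirecting requests to it.
# normalize_host, srv_target_allowed? and resolve_endpoint are hypothetical names.

# Canonical form for comparison: trimmed, lowercase, no trailing root dot.
def normalize_host(name)
  name.to_s.strip.downcase.chomp(".")
end

# One or more dot-separated LDH labels; rejects spaces, slashes, ports, etc.
HOSTNAME_RE = /\A[a-z0-9]([a-z0-9\-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9\-]*[a-z0-9])?)*\z/

# True only if the SRV target is the requested host or a subdomain of it.
def srv_target_allowed?(requested_host, srv_target)
  host   = normalize_host(requested_host)
  target = normalize_host(srv_target)
  return false if host.empty? || target.empty?
  return false unless target.match?(HOSTNAME_RE)

  # The leading "." matters: a bare suffix match would accept
  # "evilgems.example.org" for the host "gems.example.org".
  target == host || target.end_with?("." + host)
end

# Host the client should contact: the SRV target if it passes validation,
# otherwise the host the user originally asked for.
def resolve_endpoint(requested_host, srv_target)
  if srv_target_allowed?(requested_host, srv_target)
    normalize_host(srv_target)
  else
    normalize_host(requested_host)
  end
end

if __FILE__ == $0
  # Constructed SRV answers for the constructed gem host "gems.example.org".
  samples = [
    "api.gems.example.org.",          # subdomain, trailing root dot
    "GEMS.example.org",               # same host, different case
    "evilgems.example.org",           # shares a suffix, not a subdomain
    "gems.example.org.attacker.test", # host used as a prefix label
    "mirror.attacker.test"            # unrelated domain
  ]
  samples.each do |target|
    puts format("%-32s -> %s", target, resolve_endpoint("gems.example.org", target))
  end
end
```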
Remediation
References