Description
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
Remediation
References
Related Vulnerabilities
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)
Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)
Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630)
Oracle Database Server CVE-2012-0527 Vulnerability (CVE-2012-0527)