Description
RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
Remediation
References
Related Vulnerabilities
Zope Web Application Server Other Vulnerability (CVE-2001-1227)
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-1679)
WordPress Plugin PayPal Digital Goods powered by Cleeng Cross-Site Scripting (2.2.13)
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-2750)
Oracle Database Server CVE-2019-2484 Vulnerability (CVE-2019-2484)