Description
RubyGems version 2.6.12 and earlier is affected by a DNS hijacking vulnerability that allows a man-in-the-middle (MITM) attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
Remediation
References