Description
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Remediation
References
Related Vulnerabilities
MySQL Improper Authentication Vulnerability (CVE-2012-2122)
Beego Framework Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16354)
WordPress Plugin Invoicing with InvoiceXpress for WooCommerce-Free Cross-Site Scripting (3.0.2)
WordPress Plugin WP-Table Reloaded Cross-Site Scripting (1.9.3)