Description
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.9)
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)
WordPress Plugin Contact Form 7 Database Information Disclosure (1.3)
WordPress Multiple Cross-Site Scripting Vulnerabilities (2.0 - 2.0.1)
PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-5585)