CVE-2012-2125

Published October 1st, 2013

View on NVD ↗

CVSS v3

N/A

CVSS v2

5.8

MEDIUM

Affected

PROJECT

Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

ruby/rubygems

Library packaging and distribution for Ruby.

GitHub

3.93K