CVE-2016-11086

Published September 24th, 2020

View on NVD ↗

CVSS v3

7.4

HIGH

CVSS v2

5.8

MEDIUM

Affected

PROJECT

Description

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.

ruby-oauth/oauth

🔑 A Ruby wrapper for OAuth 1.0, and 1.0a protocols; clients & servers

GitHub

674