CVE-2017-0902

Published August 31st, 2017

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.8

MEDIUM

Affected

PROJECT

Description

RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

ruby/rubygems

Library packaging and distribution for Ruby.

GitHub

3.93K