CVE-2012-2126

Rubygems < 1.8.22 - Cryptographic Issue

Title source: rule

Description

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.

References (8)

Core 8

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/55381

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1582-1/

Patch, Vendor Advisory x_refsource_confirm

https://github.com/rubygems/rubygems/blob/1.8/History.txt

View Patch ZIP pw:eip

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1203.html

Issue Tracking x_refsource_misc

https://bugzilla.redhat.com/show_bug.cgi?id=814718

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2012/04/20/24

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1852.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1441.html

Scores

EPSS 0.0027

EPSS Percentile 50.5%

Details

CWE

CWE-310

Status published

Products (24)

rubygems/rubygems 1.8.0

rubygems/rubygems 1.8.1

rubygems/rubygems 1.8.2

rubygems/rubygems 1.8.3

rubygems/rubygems 1.8.4

rubygems/rubygems 1.8.5

rubygems/rubygems 1.8.6

rubygems/rubygems 1.8.7

rubygems/rubygems 1.8.8

rubygems/rubygems 1.8.9

... and 14 more

Published Oct 01, 2013

Tracked Since Feb 18, 2026