
20 matches found

RedhatCVE
added 2026/01/09 11:52 a.m. | 4 views

CVE-2009-4123

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...

CVSS 7.5 | AI score 6.9 | EPSS 0.00255
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-13880

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.4 | EPSS 0.00102
Exploits: 1 | References: 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-46551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4...

CVSS 7.1 | AI score 6.4 | EPSS 0.00102
Exploits: 1 | References: 2

OSV
added 2025/05/07 5:32 p.m. | 8 views

GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default

Summary When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details n/a...

CVSS 7.1 | AI score 6.9 | EPSS 0.00102
Exploits: 1 | References: 6

Snyk
added 2025/05/07 5:32 p.m. | 1 views

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the SSL certificate validation process. An attacker can intercept secure communications by presenting a valid certificate for an unrelated domain that the attacker controls. Note:...

CVSS 7.1 | AI score 6.9 | EPSS 0.00102
Exploits: 1 | References: 2

NVD
added 2025/05/07 5:15 p.m. | 10 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | EPSS 0.00102
Exploits: 1 | References: 2

OSV
added 2025/05/07 5:15 p.m. | 1 views

UBUNTU-CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 7.3 | EPSS 0.00102
Exploits: 1 | References: 4

Cvelist
added 2025/05/07 4:12 p.m. | 10 views

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | EPSS 0.00102
Exploits: 1 | References: 2

Vulnrichment
added 2025/05/07 4:12 p.m. | 8 views

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 6.4 | EPSS 0.00102
Exploits: 1 | References: 2

AlpineLinux
added 2025/05/07 4:12 p.m. | 2 views

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVSS 7.1 | AI score 6.8 | EPSS 0.00102
Exploits: 1 | References: 2

CVE
added 2025/05/07 4:12 p.m. | 53 views

CVE-2025-46551

JRuby-OpenSSL (JRuby OpenSSL gem) prior to 0.15.4 fails hostname verification when validating SSL certificates, enabling MITM risk for HTTPS requests to external APIs or web scraping. The affected range is 0.12.1 up to, but not including, 0.15.4 (aligned with JRuby 9.3.4.0–9.4.12.1 and 10.0.0.0–1...

CVSS 7.1 | AI score 6.3 | EPSS 0.00102
Exploits: 1 | References: 2 | Affected Software: 2

Positive Technologies
added 2025/05/07 12:0 a.m. | 1 views

PT-2025-20241 · Jruby · Jruby +1

Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...

CVSS 7.1 | AI score 6.3 | EPSS 0.00102
Exploits: 1 | References: 14

Veracode
added 2023/12/14 7:52 a.m. | 15 views

Improper Certificate Validation

jruby-openssl is vulnerable to Improper Certificate Validation. The vulnerability is due to incorrect hashing of certificate names in X509Name.java and insufficient checking of certificate path lengths in StoreContext.java. This allows an attacker to trick the client application into believing th...

CVSS 7.5 | AI score 6.6 | EPSS 0.00255
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2023/12/12 4:15 p.m. | 10 views

CVE-2009-4123

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...

CVSS 7.5 | EPSS 0.00255
Exploits: 0 | References: 4

CNNVD
added 2023/12/12 12:0 a.m. | 1 views

JRuby-OpenSSL Security Vulnerability

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.6, which stems from incorrectly handling SSL certificate validation...

CVSS 7.5 | AI score 6.8 | EPSS 0.00255
Exploits: 0 | References: 5

Cvelist
added 2023/12/12 12:0 a.m. | 18 views

CVE-2009-4123

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation...

AI score 7.6 | EPSS 0.00255
Exploits: 0 | References: 4

CVE
added 2023/12/12 12:0 a.m. | 99 views

CVE-2009-4123

CVE-2009-4123 affects the jruby-openssl gem for JRuby, with versions prior to 0.6 mishandling SSL certificate validation. The issue enables attackers to masquerade as a legitimate SSL server by abusing certificate validation logic, per Red Hat and Veracode entries, which detail faulty handling suc...

CVSS 7.5 | AI score 7.5 | EPSS 0.00255
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2023/01/19 5:51 p.m. | 17 views

GHSA-XGV7-PQQH-H2W9 jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

CVSS 7.5 | AI score 7.4 | EPSS 0.00255
Exploits: 0 | References: 6

Github Security Blog
added 2023/01/19 5:51 p.m. | 25 views

jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

CVSS 7.5 | AI score 3.9 | EPSS 0.00255
Exploits: 0 | References: 5 | Affected Software: 1

RubySec
added 2009/12/07 12:0 a.m. | 18 views

jruby-openssl Gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers...

CVSS 7.5 | AI score 3.9 | EPSS 0.00255
Exploits: 0 | References: 1 | Affected Software: 1