PT-2026-26246

Name of the Vulnerable Software and Affected Versions bcrypt-ruby versions prior to 3.1.22 Description The bcrypt-ruby gem, a Ruby binding for the OpenBSD bcrypt password hashing algorithm, contains a flaw in its Java BCrypt implementation for JRuby. Specifically, an integer overflow in the...

EUVD-2011-4756

Malware in sbrugna...

EUVD-2021-1954

Malware in sbrugna...

EUVD-2022-3805

Malicious code in bioql PyPI...

EUVD-2022-5601

Malicious code in bioql PyPI...

EUVD-2025-13880

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-46551

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby- OpenSSL version 0.12.1 and prior to version 0.15.4...

CVE-2025-46551

A security issue was discovered in JRuby-OpenSSL gem for JRuby. When verifying SSL certificates, jruby-openssl does not confirm that the hostname presented in the certificate matches the hostname of the system in which it is attempting to connect. A man-in-the-middle can present a valid certifica...

GHSA-72QJ-48G4-5XGX JRuby-OpenSSL has hostname verification disabled by default

Summary When verifying SSL certificates, jruby-openssl is not verifying that the hostname presented in the certificate matches the one we are trying to connect to, meaning a MITM could just present any valid cert for a completely different domain they own, and JRuby wouldn't complain. Details n/a...

Improper Validation of Certificate with Host Mismatch

Overview org.jruby:jruby is a high performance, stable, fully threaded Java implementation of the Ruby programming language. Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the SSL certificate validation process. An attacker can interce...

Improper Validation of Certificate with Host Mismatch

Overview Affected versions of this package are vulnerable to Improper Validation of Certificate with Host Mismatch in the SSL certificate validation process. An attacker can intercept secure communications by presenting a valid certificate for an unrelated domain that the attacker controls. Note:...

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

UBUNTU-CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVE-2025-46551 JRuby-OpenSSL has hostname verification disabled by default

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVE-2025-46551

JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1, when verifying SSL certificates,...

CVE-2025-46551

JRuby-OpenSSL (JRuby OpenSSL gem) prior to 0.15.4 fails hostname verification when validating SSL certificates, enabling MITM risk for HTTPS requests to external APIs or web scraping. The affected range is 0.12.1 up to, but not including, 0.15.4 (aligned with JRuby 9.3.4.0–9.4.12.1 and 10.0.0.0–1...

JRuby-OpenSSL 安全漏洞

JRuby-OpenSSL is an add-on gem for JRuby from the JRuby team. A security vulnerability exists in JRuby-OpenSSL versions prior to 0.12.1 through 0.15.4, which stems from insufficient certificate hostname validation and could lead to a man-in-the-middle attack...

PT-2025-20241 · Jruby · Jruby +1

Name of the Vulnerable Software and Affected Versions: JRuby-OpenSSL versions 0.12.1 through 0.15.3 JRuby versions 9.3.4.0 through 9.4.12.0 JRuby version 10.0.0.0 Description: The issue concerns the verification of SSL certificates. When verifying these certificates, the hostname presented in the...