CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

CVE-2012-2126

CVE-2012-2126 affects RubyGems prior to 1.8.23, where SSL certificate verification is not performed, enabling an attacker to perform a MITM attack to modify a gem during installation. Public references indicate the issue is addressed by upgrading RubyGems (e.g., to 1.8.23 or later) in affected en...

CVE-2012-2126

RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack...

CVE-2012-2125

CVE-2012-2125 affects RubyGems prior to 1.8.23, where HTTPS connections could be redirected to HTTP, enabling a remote attacker to observe or modify a gem during installation via a man‑in‑the‑middle. The accompanying open‑source advisories and OS patch references document this issue across multip...

CVE-2012-2125

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

[SECURITY] Fedora 20 Update: rubygems-2.0.10-106.fc20

RubyGems is the Ruby standard for publishing and managing third party libraries...

Amazon Linux AMI : rubygems (ALAS-2013-230)

Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service CPU...

Fedora 20 : rubygems-2.0.10-106.fc20 (2013-17603)

Previously a security flow was found on rubygems for validating versions with a regular expression which is vulnerable to denial of service due to backtracking. Although this was thought to be fixed in the previous rubygems, the fix was found imcomplete and the imcompleteness is now assigned as...

Medium: rubygems

Issue Overview: Algorithmic complexity vulnerability in Gem::Version::VERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of...

ruby-gems -- Algorithmic Complexity Vulnerability

Ruby Gem developers report: The patch for CVE-2013-4363 was insufficiently verified so the combined regular expression for verifying gem version remains vulnerable following CVE-2013-4363. RubyGems validates versions with a regular expression that is vulnerable to denial of service due to...

Fedora Update for rubygems FEDORA-2013-16316

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora Update for rubygems FEDORA-2013-16376

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2013-4363 rubygems: version regex algorithmic complexity vulnerability, incomplete CVE-2013-4287 fix

'Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a denial of service C...

Fedora Update for rubygems FEDORA-2013-16316

Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2013-16316 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

Fedora Update for rubygems FEDORA-2013-16376

Check for the Version of rubygems OpenVAS Vulnerability Test Fedora Update for rubygems FEDORA-2013-16376 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 20 Update: rubygems-2.0.8-104.fc20

RubyGems is the Ruby standard for publishing and managing third party libraries...

Fedora 20 : rubygems-2.0.8-104.fc20 (2013-16251)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

Fedora 19 : rubygems-2.0.8-104.fc19 (2013-16376)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

Fedora 18 : rubygems-1.8.25-7.fc18 (2013-16316)

A vulnerability was found on rubygems currently being shipped on Fedora in validating versions with a regular expression which leads to denial of service due to backtracking. This issue are now assigned as CVE-2013-4287. This new rpm will fix this issue. Note that Tenable Network Security has...

[SECURITY] Fedora 19 Update: rubygems-2.0.8-104.fc19

RubyGems is the Ruby standard for publishing and managing third party libraries...