2 matches found
CVE-2009-4123
CVE-2009-4123 affects the jruby-openssl gem for JRuby, with versions prior to 0.6 mishandling SSL certificate validation. The issue enables attackers to masquerade as a legitimate SSL server by abusing certificate validation logic, per Red Hat and Veracode entries, which detail faulty handling suc...
CVE-2025-46551
JRuby-OpenSSL (JRuby OpenSSL gem) prior to 0.15.4 fails hostname verification when validating SSL certificates, enabling MITM risk for HTTPS requests to external APIs or web scraping. The affected range is 0.12.1 up to, but not including, 0.15.4 (aligned with JRuby 9.3.4.0–9.4.12.1 and 10.0.0.0–1...