Moderate severityNVD Advisory· Published Oct 1, 2013· Updated Apr 29, 2026
CVE-2012-2125
CVE-2012-2125
Description
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rubygems-updateRubyGems | < 1.8.23 | 1.8.23 |
Affected products
23cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*range: <=1.8.22
- cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- www.openwall.com/lists/oss-security/2012/04/20/24nvdPatchWEB
- bugzilla.redhat.com/show_bug.cginvdPatchWEB
- rhn.redhat.com/errata/RHSA-2013-1203.htmlnvdVendor AdvisoryWEB
- www.ubuntu.com/usn/USN-1582-1/nvdVendor Advisory
- github.com/advisories/GHSA-228f-g3h7-3fj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-2125ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2013-1441.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1852.htmlnvdWEB
- www.ubuntu.com/usn/USN-1582-1ghsaWEB
- github.com/rubygems/rubygems/blob/1.8/History.txtnvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2125.ymlghsaWEB
- secunia.com/advisories/55381nvd
News mentions
0No linked articles in our index yet.