VYPR
Moderate severityNVD Advisory· Published Oct 1, 2013· Updated Jun 16, 2026

CVE-2012-2125

CVE-2012-2125

Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rubygems-updateRubyGems
< 1.8.231.8.23

Affected products

24
  • RubyGems/Rubygems23 versions
    cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*+ 22 more
    • cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*range: <=1.8.22
    • cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
    • cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
  • ghsa-coords
    Range: < 1.8.23

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.