Moderate severityNVD Advisory· Published Oct 1, 2013· Updated Jun 16, 2026
CVE-2012-2126
CVE-2012-2126
Description
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rubygems-updateRubyGems | < 1.8.23 | 1.8.23 |
Affected products
24cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*+ 22 more
- cpe:2.3:a:rubygems:rubygems:*:*:*:*:*:*:*:*range: <=1.8.22
- cpe:2.3:a:rubygems:rubygems:1.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.10:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.11:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.12:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.13:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.14:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.15:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.16:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.17:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.18:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.19:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.20:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.21:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.6:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.7:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.8:*:*:*:*:*:*:*
- cpe:2.3:a:rubygems:rubygems:1.8.9:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
13- github.com/rubygems/rubygems/blob/1.8/History.txtnvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-5mgj-mvv8-46mwghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-2126ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2013-1203.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1441.htmlnvdWEB
- rhn.redhat.com/errata/RHSA-2013-1852.htmlnvdWEB
- www.openwall.com/lists/oss-security/2012/04/20/24nvdWEB
- www.ubuntu.com/usn/USN-1582-1ghsaWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/rubygems/rubygems/commit/d4c7eafb8efe1e13a7abf5be5a5b4548870b15b7ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rubygems-update/CVE-2012-2126.ymlghsaWEB
- secunia.com/advisories/55381nvd
- www.ubuntu.com/usn/USN-1582-1/nvd
News mentions
0No linked articles in our index yet.