Moderate severityNVD Advisory· Published Apr 17, 2014· Updated May 6, 2026
CVE-2014-0036
CVE-2014-0036
Description
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rbovirtRubyGems | < 0.0.24 | 0.0.24 |
Affected products
23cpe:2.3:a:amos_benari:rbovirt:0.0.10:*:*:*:*:ruby:*:*+ 22 more
- cpe:2.3:a:amos_benari:rbovirt:0.0.10:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.11:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.12:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.13:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.14:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.15:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.16:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.17:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.18:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.19:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.1:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.20:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.21:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.22:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.2:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.3:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.4:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.5:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.6:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.7:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.8:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:0.0.9:*:*:*:*:ruby:*:*
- cpe:2.3:a:amos_benari:rbovirt:*:*:*:*:*:ruby:*:*range: <=0.0.23
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-ww79-8xwv-932xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-0036ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2014-March/130148.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2014-March/130180.htmlnvdWEB
- seclists.org/oss-sec/2014/q1/509nvdWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/rbovirt/CVE-2014-0036.ymlghsaWEB
News mentions
0No linked articles in our index yet.