High severity · NVD Advisory · Published Sep 24, 2020 · Updated Aug 6, 2024
CVE-2016-11086
Description
lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| oauth (RubyGems) | < 0.5.5 | 0.5.5 |
Affected products
- ruby/oauth-ruby
References
- github.com/advisories/GHSA-7359-3c6r-hfc2 (ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-11086 (ADVISORY)
- github.com/oauth-xx/oauth-ruby/commit/eb5b00a91d4ef0899082fdba929c34ccad6d4ccb (WEB)
- github.com/oauth-xx/oauth-ruby/issues/137 (WEB)
- github.com/oauth-xx/oauth-ruby/releases/tag/v0.5.5 (WEB)
- rubygems.org/gems/oauth (WEB)