RubyGems package
http
pkg:gem/http
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1828 | Med | 5.9 | >= 0.7.0, < 0.7.3 | 0.7.3 | Oct 6, 2017 | The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack. |
- affected >= 0.7.0, < 0.7.3fixed 0.7.3
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.