Description
RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Fastest Cache Multiple Vulnerabilities (0.9.4)
WordPress Plugin ALO EasyMail Newsletter Multiple Cross-Site Scripting Vulnerabilities (2.4.7)
Oracle Application Server CVE-2008-4017 Vulnerability (CVE-2008-4017)
WordPress Plugin WordPress Landing Pages Unspecified Vulnerability (2.0.2)