Description
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
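The sketch below is an added example, not RubyGems code: a redirect follower that refuses any hop from HTTPS to HTTP, which is the client-side check whose absence the description refers to. The fetcher interface, host names and response table are assumptions constructed for illustration so the example runs offline.

```ruby
require "uri"

class InsecureRedirectError < StandardError; end
class TooManyRedirectsError < StandardError; end

# Resolve a Location header against the current URI and refuse any hop
# that leaves HTTPS when the current request was made over HTTPS.
def next_hop(current, location)
  target = URI.join(current.to_s, location) # also resolves relative Location values
  unless %w[http https].include?(target.scheme)
    raise InsecureRedirectError, "unsupported scheme in redirect: #{target}"
  end
  if current.scheme == "https" && target.scheme != "https"
    raise InsecureRedirectError, "refusing HTTPS -> HTTP redirect: #{current} -> #{target}"
  end
  target
end

# Follow redirects through a caller-supplied fetcher (hypothetical interface):
# fetcher.call(uri) returns [status_code, headers_hash, body].
def fetch_following_redirects(url, fetcher, max_redirects: 5)
  uri = URI.parse(url)
  (max_redirects + 1).times do
    status, headers, body = fetcher.call(uri)
    return [uri, body] unless [301, 302, 303, 307, 308].include?(status)
    uri = next_hop(uri, headers.fetch("location"))
  end
  raise TooManyRedirectsError, "more than #{max_redirects} redirects from #{url}"
end

# Constructed sample responses standing in for a gem server (not real hosts).
BASE = "https://gems.example.test"
SAMPLE_RESPONSES = {
  "#{BASE}/gems/demo-1.0.gem" => [302, { "location" => "https://cdn.example.test/demo-1.0.gem" }, ""],
  "https://cdn.example.test/demo-1.0.gem" => [200, {}, "GEMDATA"],
  "#{BASE}/gems/downgraded-1.0.gem" => [302, { "location" => "http://cdn.example.test/downgraded-1.0.gem" }, ""],
  "http://cdn.example.test/downgraded-1.0.gem" => [200, {}, "UNAUTHENTICATED"],
  "#{BASE}/gems/rel-1.0.gem" => [301, { "location" => "/mirror/rel-1.0.gem" }, ""],
  "#{BASE}/mirror/rel-1.0.gem" => [200, {}, "RELDATA"]
}.freeze

SAMPLE_FETCHER = ->(uri) { SAMPLE_RESPONSES.fetch(uri.to_s) }
```

The HTTPS-to-HTTPS and relative redirects are followed, while the downgraded hop raises before the plain-HTTP body is ever requested.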
Remediation
References