Description

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.

Remediation

References

CVE-2012-2125

Related Vulnerabilities

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5317)

MySQL CVE-2015-4861 Vulnerability (CVE-2015-4861)

WordPress Plugin XML Sitemap & Google News feeds Cross-Site Scripting (3.9)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17003)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.9)

Severity

Medium

Classification

CVE-2012-2125

Tags

Missing Update Known Vulnerabilities