Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories: GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu

jruby-openssl gem for JRuby fails to do proper certificate validation

A flaw in peer certificate verification meant that a failed verification was silently ignored, leaving affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

Permalink: https://github.com/advisories/GHSA-xgv7-pqqh-h2w9

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 17 days ago
Updated: 12 days ago

Identifiers: GHSA-xgv7-pqqh-h2w9, CVE-2009-4123

Affected Packages

rubygems:jruby-openssl
Versions: < 0.6
Fixed in: 0.6