
Find real vulnerabilities before they ship
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle-attack.
Base Score
5.9| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| http(RubyGems) | 0.7.0 | 0.7.3 | N/A |
| http(RubyGems) | 0 | 0.6.4 | N/A |
| Base Score | 5.9 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| Base Severity | Medium |
| Version | 3.1 |
| Attack Vector (AV) | NETWORK |