RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2015-06-24T14:00:00
Updated: 2017-12-08T10:57:01
Reserved: 2015-05-12T00:00:00
Link: CVE-2015-3900
JSON object: View
NVD Information
Status : Modified
Published: 2015-06-24T14:59:01.190
Modified: 2019-04-22T17:48:00.643
Link: CVE-2015-3900
JSON object: View
Redhat Information
No data.
CWE