RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2017-08-27T00:00:00
Updated: 2018-07-14T09:57:01
Reserved: 2016-11-30T00:00:00
Link: CVE-2017-0902
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-31T20:29:00.603
Modified: 2019-10-09T23:21:10.117
Link: CVE-2017-0902
JSON object: View
Redhat Information
No data.