GHSA-xgv7-pqqh-h2w9

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-xgv7-pqqh-h2w9/GHSA-xgv7-pqqh-h2w9.json
Aliases
  • CVE-2009-4123
Published
2023-01-19T17:51:27Z
Modified
2023-01-31T02:40:21.207254Z
Details

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

Affected packages

RubyGems / jruby-openssl

jruby-openssl

Affected ranges

Type
ECOSYSTEM
Events
  • Introduced: 0
  • Fixed: 0.6

Affected versions

0.*

0.0.1
0.0.2
0.0.3
0.0.4
0.1
0.1.1
0.2
0.2.1
0.2.2
0.2.3
0.3
0.4
0.5
0.5.1
0.5.2