
rubygems: DNS hijacking

Package(s): rubygems
CVE #(s): CVE-2015-3900
Created: August 11, 2015
Updated: September 9, 2015
Description: From the CVE entry:

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API request, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

Alerts:
Red Hat RHSA-2015:1657-01 rh-ruby22-ruby 2015-08-24
Fedora FEDORA-2015-13157 rubygems 2015-08-19
Fedora FEDORA-2015-12574 rubygems 2015-08-11
Mageia MGASA-2015-0345 ruby-RubyGems 2015-09-08



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds