oss-sec mailing list archives
CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client
From: Garth Mollett <gmollett () redhat com>
Date: Thu, 06 Mar 2014 12:35:27 +1100
Michael Samuel of Amcom discovered that the rbovirt gem used rest-client with SSL verification disabled. Any products making use of this gem are likely vulnerable to MITM attacks. This is fixed in the latest upstream release: http://rubygems.org/gems/rbovirt/versions/0.0.24 -- Garth Mollett / Red Hat Security Response Team
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE-2014-0036 rubygem-rbovirt: unsafe use of rest-client Garth Mollett (Mar 05)