Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

CVE
#git#ruby#ssl

jruby-openssl gem for JRuby fails to do proper certificate validation

Moderate severity GitHub Reviewed Published Jan 19, 2023 to the GitHub Advisory Database • Updated Jan 24, 2023

Related news

GHSA-xgv7-pqqh-h2w9: jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907