Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-xgv7-pqqh-h2w9: jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

ghsa
#git#ruby#ssl

jruby-openssl gem for JRuby fails to do proper certificate validation

Moderate severity GitHub Reviewed Published Jan 19, 2023 • Updated Jan 19, 2023

Related news

CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.