Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xgv7-pqqh-h2w9: jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

1 year ago

#git #ruby #ssl

jruby-openssl gem for JRuby fails to do proper certificate validation

Moderate severity GitHub Reviewed Published Jan 19, 2023 • Updated Jan 19, 2023

Related news

CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

11 months ago

#git #ruby #ssl

ghsa: Latest News

GHSA-27wf-5967-98gx: Kubernetes kubelet arbitrary command execution

21 hours ago

GHSA-mr95-vfcf-fx9p: Apache Answer: Predictable Authorization Token Using UUIDv1

21 hours ago

GHSA-pqhp-25j4-6hq9: smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables

22 hours ago

GHSA-v5h2-q2w4-gpcx: Sentry improper error handling leaks Application Integration Client Secret

22 hours ago

GHSA-8w49-h785-mj3c: Tornado has an HTTP cookie parsing DoS vulnerability

22 hours ago