Headline
GHSA-xgv7-pqqh-h2w9: jruby-openssl gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.
jruby-openssl gem for JRuby fails to do proper certificate validation
Moderate severity GitHub Reviewed Published Jan 19, 2023 • Updated Jan 19, 2023
Related news
CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database
The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.