Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xgv7-pqqh-h2w9: jruby-openssl gem for JRuby fails to do proper certificate validation

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

1 year ago

#git #ruby #ssl

jruby-openssl gem for JRuby fails to do proper certificate validation

Moderate severity GitHub Reviewed Published Jan 19, 2023 • Updated Jan 19, 2023

Related news

CVE-2009-4123: CVE-2009-4123 - GitHub Advisory Database

The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation.

10 months ago

#git #ruby #ssl

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames

13 hours ago

GHSA-c2f5-jxjv-2hh8: Wasmtime doesn't fully sandbox all the Windows device filenames

13 hours ago

GHSA-4cf2-cxp3-rjr7: HAPI FHIR XML External Entity (XXE) vulnerability

16 hours ago

GHSA-v2qh-f584-6hj8: @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

17 hours ago

GHSA-5wmg-9cvh-qw25: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

17 hours ago