
CVE-2017-0902

Published: 8/31/2017
Last updated: 9/17/2024
Reserved: 11/30/2016

RubyGems versions 2.6.12 and earlier are vulnerable to DNS hijacking, which allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

CNA assigner: hackerone (36234546-b8fa-4601-9d6f-f4e334aa8ea1)
Requested by: n/a

Opam packages affected (1)

conf-ruby

Products affected (1)

Product | Vendor | Version
RubyGems | HackerOne | WCN3990

References (28)