OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing

Problem

There was a security vulnerability issued by Gemnasium about the http gem with the title OSVDB-119927 – MitM Security Vulnerability.

The details for it are here.

Solution

After some investigation (gem dependency http –reverse-dependencies) it turns out that the twitter gem (5.14.), is using an older vulnerable http dependency (0.6.3).

In order to remove this warning and until there is a new twitter gem released, you can use the github master branch of twitter, like: