OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing


There was a security vulnerability issued by Gemnasium about the http gem with the title OSVDB-119927 – MitM Security Vulnerability.

The details for it are here.


After some investigation (gem dependency http –reverse-dependencies) it turns out that the twitter gem (5.14.), is using an older vulnerable http dependency (0.6.3).

In order to remove this warning and until there is a new twitter gem released, you can use the github master branch of twitter, like:

gem 'twitter', github: 'sferik/twitter'