OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing

Problem

Gemnasium issued a security advisory for the http gem, titled OSVDB-119927 – MitM Security Vulnerability.

The details for it are here.

Solution

After some investigation (gem dependency http --reverse-dependencies) it turned out that the twitter gem (5.14.) depends on an older, vulnerable version of http (0.6.3).

To clear this warning until a new twitter gem is released, point your Gemfile at the GitHub master branch of twitter, like:

gem 'twitter', github: 'sferik/twitter'
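As an added example (not the post's own code), the Ruby script below answers the post's reverse-dependency question from a Gemfile.lock rather than from the installed gem set: it parses the specs: section, lists which gems declare http as a direct dependency, and flags the resolved http version if it is below a patched version the caller supplies. The sample lockfile, the my_app_lib gem and the 0.7.3 default are constructed or assumed, not taken from the post.

```ruby
# Added example, not code from the original post: parse a Gemfile.lock offline
# and report which gems pull in a target gem and at what resolved version, the
# question `gem dependency http --reverse-dependencies` answers for installed gems.
require 'rubygems'
# Constructed sample lockfile modelled on the twitter -> http chain in the post;
# my_app_lib and the exact twitter patch version are made up.
SAMPLE_LOCK = <<~LOCK
  GEM
    specs:
      http (0.6.3)
      twitter (5.14.0)
        http (~> 0.6.0)
      my_app_lib (1.0.0)
        twitter (~> 5.0)

  DEPENDENCIES
    my_app_lib
LOCK
# Assumption: the post does not state the patched http version; 0.7.3 is a
# placeholder, replace it with the value from the advisory.
PATCHED_DEFAULT = '0.7.3'
# Returns { name => { version: Gem::Version, deps: [[dep, requirement], ...] } }
def parse_lock(text)
  specs, current, in_specs = {}, nil, false
  text.each_line do |line|
    in_specs = true if line.start_with?('  specs:')
    in_specs = false if line =~ /\A[A-Z]/ # next top-level section
    next unless in_specs
    if (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      current = m[1]
      specs[current] = { version: Gem::Version.new(m[2]), deps: [] }
    elsif current && (m = line.match(/\A {6}(\S+)(?: \(([^)]+)\))?\s*\z/))
      specs[current][:deps] << [m[1], m[2] || '>= 0']
    end
  end
  specs
end
# Gems declaring `target` as a direct dependency: [name, version, requirement]
def reverse_dependencies(specs, target)
  specs.select { |_, s| s[:deps].assoc(target) }
       .map { |n, s| [n, s[:version].to_s, s[:deps].assoc(target)[1]] }
end
# nil if `target` is not in the lock; otherwise its resolved version, whether it
# is below `patched`, and the direct reverse dependencies that pin it there.
def audit(lock_text, target, patched = PATCHED_DEFAULT)
  specs = parse_lock(lock_text)
  return nil unless specs[target]
  v = specs[target][:version]
  { resolved: v.to_s, vulnerable: v < Gem::Version.new(patched),
    pulled_in_by: reverse_dependencies(specs, target) }
end
puts audit(SAMPLE_LOCK, 'http').inspect if __FILE__ == $PROGRAM_NAME
```

Run it against a real Gemfile.lock by replacing SAMPLE_LOCK with File.read('Gemfile.lock'); the pulled_in_by list tells you which gem to upgrade or override, as the post does for twitter.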