42

Web notebook about thoughts and discoveries in DevOps, SRE, Software Engineering….

OSVDB 119927 : http Gem for Ruby SSL Certificate Validation MitM Spoofing

Posted on 15 April 2015 by kosmas

Problem

There was a security vulnerability issued by Gemnasium about the http gem with the title OSVDB-119927 – MitM Security Vulnerability.

The details for it are here.

Solution

After some investigation (gem dependency http –reverse-dependencies) it turns out that the twitter gem (5.14.), is using an older vulnerable http dependency (0.6.3).

In order to remove this warning and until there is a new twitter gem released, you can use the github master branch of twitter, like:

gem 'twitter', github: 'sferik/twitter'

Security Vulnerability in Nested Attributes code in Ruby On Rails 2.3.9 and 3.0.0

Posted on 15 October 2010 by kosmas

Problem
New security vulnerability in nested attributes in Rails 2.3.9 and 3.0.0

Solution
More details and links to patches for upgrading here

M	T	W	T	F	S	S
				1	2	3
4	5	6	7	8	9	10
11	12	13	14	15	16	17
18	19	20	21	22	23	24
25	26	27	28	29	30