Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
RubyGems 7PK - Security Features Vulnerability - CVE-2015-3900 - Vulnerability Database
RubyGems

RubyGems 7PK - Security Features Vulnerability - CVE-2015-3900

Medium
Reference: CVE-2015-3900
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-3900
Title: RubyGems 7PK - Security Features Vulnerability
Overview:

RubyGems 2.0.x before 2.0.16 2.2.x before 2.2.4 and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record aka a quotDNS hijack attack.quot