CVE-2015-1828 – http
Package
Manager: gem
Name: http
Vulnerable Version: >=0 <0.7.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.0032 (percentile 0.54456)
Details
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remote attackers to obtain sensitive information via a man-in-the-middle attack.
Metadata
Created: 2018-03-13T16:15:57Z
Modified: 2023-01-25T23:04:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/03/GHSA-6wpv-cj6x-v3jw/GHSA-6wpv-cj6x-v3jw.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-6wpv-cj6x-v3jw
Finding: F017
Auto approve: 1