📦

trunk

Vendor: ruby-lang

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 0 Remote Access

Total CVEs 1 Total Indexed

Avg. EPSS 2.72% Exploit Prob.

Latest CVE CVE-2015-1855 Nov 29

Security Vulnerability Index

Page 1 / 1

5.9 CVSS

CVE-2015-1855

verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.

EPSS: 2.72%

Severity: MEDIUM

Nov 29, 2019

Displaying 1 of 1 Total Entries

Total 1 Sections