RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Rubygems | Rubygems | * | 1.8.22 (including) |
| Rubygems | Rubygems | 1.8.0 (including) | 1.8.0 (including) |
| Rubygems | Rubygems | 1.8.1 (including) | 1.8.1 (including) |
| Rubygems | Rubygems | 1.8.2 (including) | 1.8.2 (including) |
| Rubygems | Rubygems | 1.8.3 (including) | 1.8.3 (including) |
| Rubygems | Rubygems | 1.8.4 (including) | 1.8.4 (including) |
| Rubygems | Rubygems | 1.8.5 (including) | 1.8.5 (including) |
| Rubygems | Rubygems | 1.8.6 (including) | 1.8.6 (including) |
| Rubygems | Rubygems | 1.8.7 (including) | 1.8.7 (including) |
| Rubygems | Rubygems | 1.8.8 (including) | 1.8.8 (including) |
| Rubygems | Rubygems | 1.8.9 (including) | 1.8.9 (including) |
| Rubygems | Rubygems | 1.8.10 (including) | 1.8.10 (including) |
| Rubygems | Rubygems | 1.8.11 (including) | 1.8.11 (including) |
| Rubygems | Rubygems | 1.8.12 (including) | 1.8.12 (including) |
| Rubygems | Rubygems | 1.8.13 (including) | 1.8.13 (including) |
| Rubygems | Rubygems | 1.8.14 (including) | 1.8.14 (including) |
| Rubygems | Rubygems | 1.8.15 (including) | 1.8.15 (including) |
| Rubygems | Rubygems | 1.8.16 (including) | 1.8.16 (including) |
| Rubygems | Rubygems | 1.8.17 (including) | 1.8.17 (including) |
| Rubygems | Rubygems | 1.8.18 (including) | 1.8.18 (including) |
| Rubygems | Rubygems | 1.8.19 (including) | 1.8.19 (including) |
| Rubygems | Rubygems | 1.8.20 (including) | 1.8.20 (including) |
| Rubygems | Rubygems | 1.8.21 (including) | 1.8.21 (including) |