GMS-2013-2: Man-in-the-Middle

February 13, 2013

This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.

References

github.com/collectiveidea/delayed_job/commit/03c34c4a9b41a5d5d7594457c7c25044d215dd63

Detect and mitigate GMS-2013-2 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →