CVE-2017-0902: Origin Validation Error

August 31, 2017 (updated October 9, 2019)

RubyGems is vulnerable to a DNS hijacking vulnerability that allows a MITM attacker to force the RubyGems client to download and install gems from a server that the attacker controls.

References

blog.rubygems.org/2017/08/27/2.6.13-released.html
www.securityfocus.com/bid/100586
www.securitytracker.com/id/1039249
hackerone.com/reports/218088
nvd.nist.gov/vuln/detail/CVE-2017-0902

Detect and mitigate CVE-2017-0902 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →