1 results (0.008 seconds)

CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1

lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information. La biblioteca lib/oauth/consumer.rb en la gema oauth-ruby versiones hasta 0.5.4 para Ruby, no verifica los certificados X.509 del servidor si no se puede encontrar un paquete de certificados, lo que permite a atacantes de tipo man-in-the-middle falsificar servidores y obtener información confidencial . • https://github.com/oauth-xx/oauth-ruby/issues/137 • CWE-295: Improper Certificate Validation •