Filtered by vendor Ruby-lang Subscriptions
Filtered by product Trunk Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2015-1855 3 Debian, Puppet, Ruby-lang 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more 2024-08-06 5.9 Medium
verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (1) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters.