GMS-2013-3: Man-in-the-Middle

February 13, 2013

This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.

References

github.com/collectiveidea/delayed_job_active_record/commit/3436dd0921daff15e7e1f87f1da0384138c582cc

Code Behaviors & Features

Detect and mitigate GMS-2013-3 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →