GMS-2014-6: Man-in-the-Middle

May 20, 2014

This package is vulnerable to Man-in-the-middle (MitM) attacks due to attacks due to downloading gems over an insecure protocol. Without a secure connection, it is possible for an attacker to intercept this connection and alter the packages received. In serious cases, this may even lead to Remote Code Execution (RCE) on your host server.

References

github.com/jasmine/jasmine-gem/commit/e2105b71aee65386d0d083e4b64c49892d0d6caa
github.com/jasmine/jasmine-gem/pull/213

Code Behaviors & Features

Detect and mitigate GMS-2014-6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →