CVE-2009-4123: Fails to do proper certificate validation

December 7, 2009

A security problem involving peer certificate verification was found where failed verification silently did nothing, making affected applications vulnerable to attackers. Attackers could lead a client application to believe that a secure connection to a rogue SSL server is legitimate. Attackers could also penetrate client-validated SSL server applications with a dummy certificate.

References

github.com/jruby/jruby-openssl/commit/367f170fa17890c7352a5c4dc0bf5f2e8b1d8139
github.com/rubysec/ruby-advisory-db/blob/master/gems/jruby-openssl/CVE-2009-4123.yml

Code Behaviors & Features

Detect and mitigate CVE-2009-4123 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →