jruby-openssl Gem for JRuby fails to do proper certificate validation
A security problem involving peer certificate verification was found where
failed verification silently did nothing, making affected applications
vulnerable to attackers. Attackers could lead a client application to believe
that a secure connection to a rogue SSL server is legitimate. Attackers could
also penetrate client-validated SSL server applications with a dummy
Am I vulnerable?
The constraints below list the versions that this vulnerability is patched in, and versions that are unaffected. If a patch is ready but unrealeased, then it is pending.
Or, you can just let us figure it out for you! Appcanary continously monitor your installed packages, and tell you if any of them are vulnerable.Sign up for monitoring
Affected package information
|Package||Patched in||Unaffected in|