CVE-2015-4020 — Improper Input Validation in Rubygems

CWE-20 — Improper Input Validation CWE-345 — Insufficient Verification of Data Authenticity9 documents8 sources

Severity

4.3MEDIUMNVD

CNA5.0GHSA5.0OSV5.0

EPSS

0.5%

top 33.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Solaris Rubygems

Timeline

PublishedAug 25

Latest updateMay 17

Description

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDrubygems/rubygems30 versions+29

▶NVDoracle/solaris11.3

🔴Vulnerability Details

OSV

RubyGems Improper Input Validation vulnerability↗2022-05-17

▶

GHSA

RubyGems Improper Input Validation vulnerability↗2022-05-17

▶

CVEList

CVE-2015-4020: RubyGems 2↗2015-08-25

▶

📋Vendor Advisories

Red Hat

rubygems: incomplete fix for CVE-2015-3900↗2015-05-18

▶

Debian

CVE-2015-4020: jruby - RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does no...↗2015

▶

💬Community

HackerOne

Request Hijacking Vulnerability in RubyGems 2.6.11 and earlier↗2017-08-30

▶

Bugzilla

CVE-2015-4020 rubygems: incomplete fix for CVE-2015-3900↗2015-08-04

▶

Bugzilla

CVE-2015-3900 rubygems: DNS hijacking vulnerability in api_endpoint()↗2015-06-26

▶