Description |
- |
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.” |
+ |
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack”. |
|