Emboss

**Name of the Vulnerable Software and Affected Versions** Ruby versions 2.x **Description** The issue concerns the openssl extension in Ruby, which does not properly maintain the state of process memory after a file is reopened. This allows remote attackers to spoof signatures within the context of a Ruby script that attempts signature verification after performing a certain sequence of filesystem operations. The issue has been disputed by the Ruby OpenSSL team and third parties, who state that the original demonstration contains errors and redundant or unnecessarily-complex code. **Recommendations** For Ruby version 2.x, at the moment, there is no information about a newer version that contains a fix for this issue.