Unknown · Oauth-Ruby · CVE-2016-11086
Name of the Vulnerable Software and Affected Versions:
oauth-ruby gem versions through 0.5.4
Description:
The oauth-ruby gem does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
Recommendations:
For versions through 0.5.4, consider updating to a version that verifies server X.509 certificates properly to prevent man-in-the-middle attacks.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.