UpgradeRuby.com

The go-to resource for upgrading Ruby, Rails, and your dependencies.

Posts Tagged: net-http

Understanding CVE-2007-5162: Ruby Net::HTTPS Server Certificate CN Validation Flaw

An in-depth look at CVE-2007-5162, a vulnerability in Ruby's Net::HTTPS library that failed to validate server certificate Common Names, enabling man-in-the-middle attacks.

Mar 15, 2026

rubysecuritycvevulnerabilityssltlsnet-httpmitmcertificate-validation