本ページは jruby jruby-openssl に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-46551 | JRuby-OpenSSL is an add-on gem for JRuby that emulates the Ruby OpenSSL native library. Starting in JRuby-OpenSSL version 0.12.1 and prior to version 0.15.4 (corresponding to JRuby versions starting in 9.3.4.0 prior to 9.4.12.1 and 10.0.0.0 prior to 10.0.0.1), when verifying SSL certificates, JRuby-OpenSSL does not verify that the hostname presented in the certificate matches the one the user tries to connect to. This means a man-in-the-middle could just present any valid cert for a completely d | [email protected] | 5.7 | 0.16% | 2025-05-07 | 2026-06-17 |
| CVE-2009-4123 | The jruby-openssl gem before 0.6 for JRuby mishandles SSL certificate validation. | [email protected] | 7.5 | 0.60% | 2023-12-12 | 2026-06-16 |