The maintainers of Ruby have fixed a serious flaw in its SSL client that could have allowed an attacker to conduct man-in-the-middle attacks by spoofing an SSL server. An attacker exploiting the flaw could impersonate a trusted SSL server and intercept protected traffic intended for that server. The vulnerability lies in the OpenSSL toolkit that's built into Ruby and is present in several versions of the software from 1.8 through 2.0. The maintainers have released patches for the bug.
Source: https://threatpost.com/openssl-man-in-the-middle-flaw-fixed-in-ruby/101109/

