Lucene search
PRIOn knowledge basePRION:CVE-2020-13482HistoryMay 25, 2020 - 10:15 p.m.
Design/Logic Flaw
2020-05-2522:15:00
PRIOn knowledge base
www.prio-n.com
2
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
References
github.com/igrigorik/em-http-request/issues/339
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKYP5TR5NTVVDX5R4HCNNH2OQR7M4X3J/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z32PUJA6RGBZ3TKSOTGUXZ45662S3MVF/
securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0172)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: rubygem-em-http-request-1.1.7-1.fc32
2021-01-07 01:14:17
[SECURITY] Fedora 33 Update: rubygem-em-http-request-1.1.7-1.fc33
2021-01-07 01:15:42
nessus
nessus
Fedora 32 : rubygem-em-http-request (2020-117f1b67fb)
2021-01-11 00:00:00
Fedora 33 : rubygem-em-http-request (2020-8ccd750904)
2021-01-11 00:00:00
RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)
2021-03-18 00:00:00
mageia
mageia
Updated ruby-em-http-request packages fix security vulnerability
2021-04-02 23:25:05
osv
osv
CVE-2020-13482
2020-05-25 22:15:09
Improper Certificate Validation in EM-HTTP-Request
2021-05-24 18:13:13
nvd
nvd
CVE-2020-13482
2020-05-25 22:15:09
redhat
redhat
(RHSA-2021:0937) Important: rubygem-em-http-request security update
2021-03-18 12:26:33
cvelist
cvelist
CVE-2020-13482
2020-05-25 21:49:30
cve
cve
CVE-2020-13482
2020-05-25 22:15:09
redhatcve
redhatcve
CVE-2020-13482
2020-12-29 14:59:37
veracode
veracode
Man-in-the-middle (MitM)
2020-06-18 06:49:23
github
github
Improper Certificate Validation in EM-HTTP-Request
2021-05-24 18:13:13