2 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-15134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em- http-request and faye-websocket in the Ruby version of i...
CVE-2020-15134
CVE-2020-15134 describes a TLS certificate verification flaw in Faye before 1.4.0, where the Ruby client uses em-http-request and faye-websocket, and EventMachine’s EM::Connection#start_tls does not verify server certificates by default. This can allow MITM attacks on https: or wss: connections, ...