2 matches found
GHSA-4F68-49QQ-H392 Improper certificate validation in em-imap
em-imap 0.5 and earlier use the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified...
GHSA-3Q49-H8F9-9FR9 Missing TLS certificate verification
Faye uses em-http-request6 and faye-websocket10 in the Ruby version of its client. Those libraries both use the EM::Connectionstarttls1 method in EventMachine2 to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not implement certificate verification by...