67 matches found
rubygem-em-http-request: missing SSL hostname validation allows MITM
A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity...
RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0937 advisory. EventMachine based, async HTTP Request client. Security Fixes: missing SSL hostname validation allows MITM CVE-2020-13482 For more details about the...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Design/Logic Flaw
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Input validation
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
UBUNTU-CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24393
CVE-2020-24393 affects TweetStream 2.6.1. The vulnerability arises from insecure use of the eventmachine library that omits TLS hostname validation, enabling potential man-in-the-middle attacks. Public sources (including Red Hat, OSV, MV sources) reiterate the same description and do not specify ...
CVE-2020-24393
TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack...
CVE-2020-24392
CVE-2020-24392 concerns missing TLS hostname validation in voloko twitter-stream (versions 0.1.10 and 0.1.16 in various advisories), caused by misused eventmachine. This allows a man-in-the-middle attack against users of the library. The vulnerability is described across multiple sources (Red Hat...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
CVE-2020-24392
In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library because eventmachine is misused...
Fedora: Security Advisory for rubygem-em-http-request (FEDORA-2020-117f1b67fb)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: rubygem-em-http-request-1.1.7-1.fc33
EventMachine based, async HTTP Request client...
[SECURITY] Fedora 32 Update: rubygem-em-http-request-1.1.7-1.fc32
EventMachine based, async HTTP Request client...
Man-in-the-Middle (MitM)
tweetstream is vulnerable to man-in-the-middle MitM. The vulnerability exists through the insecure usage of eventmachine, where it does not perform validation of hostnames, when initiating SSL/TLS connections...
CVE-2020-15133
In faye-websocket before version 0.11.0, there is a lack of certification validation in TLS handshakes. The Faye::WebSocket::Client class uses the EM::Connectionstarttls method in EventMachine to implement the TLS handshake whenever a wss: URL is used for the connection. This method does not...