em-http-request is vulnerable to man-in-the-middle (MitM). It uses the library eventmachine insecurely as it misses SSL/TLS certificate hostname verification, allowing a man-in-the-middle attack against the users of the library.
github.com/igrigorik/em-http-request/issues/339
lists.fedoraproject.org/archives/list/[email protected]/message/MKYP5TR5NTVVDX5R4HCNNH2OQR7M4X3J/
lists.fedoraproject.org/archives/list/[email protected]/message/Z32PUJA6RGBZ3TKSOTGUXZ45662S3MVF/
securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request