Lucene search
Veracode Vulnerability DatabaseVERACODE:25708HistoryJun 18, 2020 - 6:49 a.m.
Man-in-the-middle (MitM)
2020-06-1806:49:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.001 Low
EPSS
Percentile
39.5%
em-http-request is vulnerable to man-in-the-middle (MitM). It uses the library eventmachine insecurely as it misses SSL/TLS certificate hostname verification, allowing a man-in-the-middle attack against the users of the library.
References
github.com/igrigorik/em-http-request/issues/339
lists.fedoraproject.org/archives/list/[email protected]/message/MKYP5TR5NTVVDX5R4HCNNH2OQR7M4X3J/
lists.fedoraproject.org/archives/list/[email protected]/message/Z32PUJA6RGBZ3TKSOTGUXZ45662S3MVF/
securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0172)
2022-01-28 00:00:00
redhat
redhat
(RHSA-2021:0937) Important: rubygem-em-http-request security update
2021-03-18 12:26:33
nessus
nessus
RHEL 7 : rubygem-em-http-request (RHSA-2021:0937)
2021-03-18 00:00:00
Fedora 32 : rubygem-em-http-request (2020-117f1b67fb)
2021-01-11 00:00:00
Fedora 33 : rubygem-em-http-request (2020-8ccd750904)
2021-01-11 00:00:00
prion
prion
Design/Logic Flaw
2020-05-25 22:15:00
fedora
fedora
[SECURITY] Fedora 32 Update: rubygem-em-http-request-1.1.7-1.fc32
2021-01-07 01:14:17
[SECURITY] Fedora 33 Update: rubygem-em-http-request-1.1.7-1.fc33
2021-01-07 01:15:42
mageia
mageia
Updated ruby-em-http-request packages fix security vulnerability
2021-04-02 23:25:05
osv
osv
CVE-2020-13482
2020-05-25 22:15:09
Improper Certificate Validation in EM-HTTP-Request
2021-05-24 18:13:13
nvd
nvd
CVE-2020-13482
2020-05-25 22:15:09
cvelist
cvelist
CVE-2020-13482
2020-05-25 21:49:30
redhatcve
redhatcve
CVE-2020-13482
2020-12-29 14:59:37
cve
cve
CVE-2020-13482
2020-05-25 22:15:09
github
github
Improper Certificate Validation in EM-HTTP-Request
2021-05-24 18:13:13