EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
History
07 Nov 2023, 03:16
Type | Values Removed | Values Added |
---|---|---|
References | | |
24 Feb 2021, 20:36
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://securitylab.github.com/advisories/GHSL-2020-094-igrigorik-em-http-request - Exploit, Third Party Advisory |
22 Feb 2021, 02:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
12 Jan 2021, 21:37
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 5.8 v3 : 7.4 |
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKYP5TR5NTVVDX5R4HCNNH2OQR7M4X3J/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z32PUJA6RGBZ3TKSOTGUXZ45662S3MVF/ - Mailing List, Third Party Advisory |
07 Jan 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2020-05-25 22:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-13482
Mitre link : CVE-2020-13482
CVE.ORG link : CVE-2020-13482
Products Affected
em-http-request_project
- em-http-request
fedoraproject
- fedora
CWE
CWE-295
Improper Certificate Validation