CVE-2020-24392

Опубликовано: 19 фев. 2021

Источник: debian

EPSS Низкий

Описание

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

Пакеты

Пакет	Статус	Релиз	Тип
ruby-twitter-stream	removed		package
ruby-twitter-stream	ignored	bookworm	package
ruby-twitter-stream	no-dsa	bullseye	package
ruby-twitter-stream	no-dsa	buster	package
ruby-twitter-stream	no-dsa	stretch	package

Примечания

https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream

EPSS

Процентиль: 40%

0.00185

Низкий

Связанные уязвимости

CVE-2020-24392

CVSS3: 5.9

ubuntu

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

CVE-2020-24392

CVSS3: 5.9

nvd

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

GHSA-p6p8-q4pj-f74m

CVSS3: 5.9

github

почти 5 лет назад

Improper Certificate Validation in twitter-stream

EPSS

Процентиль: 40%

0.00185

Низкий