CVE-2020-24392

Опубликовано: 19 фев. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

Ссылки

https://github.com/voloko/twitter-stream
Product
https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
Exploit
Third Party Advisory
https://github.com/voloko/twitter-stream
Product
https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:twitter-stream_project:twitter-stream:0.1.10:*:*:*:*:ruby:*:*

EPSS

Процентиль: 40%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

CVE-2020-24392

CVSS3: 5.9

ubuntu

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

CVE-2020-24392

CVSS3: 5.9

debian

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...

GHSA-p6p8-q4pj-f74m

CVSS3: 5.9

github

почти 5 лет назад

Improper Certificate Validation in twitter-stream

EPSS

Процентиль: 40%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295