exploitDog

CVE-2020-24393

Опубликовано: 19 фев. 2021

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Низкий

Описание

TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.

Ссылки

https://github.com/tweetstream/tweetstream
Product
https://securitylab.github.com/advisories/GHSL-2020-096-tweetstream-tweetstream
Exploit
Third Party Advisory
https://github.com/tweetstream/tweetstream
Product
https://securitylab.github.com/advisories/GHSL-2020-096-tweetstream-tweetstream
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tweetstream_project:tweetstream:2.6.1:*:*:*:*:ruby:*:*

EPSS

Процентиль: 41%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295

Связанные уязвимости

GHSA-6hrm-jqp3-64cv

CVSS3: 5.9

github

почти 5 лет назад

Improper Certificate Validation in TweetStream

EPSS

Процентиль: 41%

0.00185

Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295