CVE-2020-24392

Опубликовано: 19 фев. 2021

Источник: ubuntu

Приоритет: low

CVSS2: 4.3

CVSS3: 5.9

Описание

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needed
devel	DNE
esm-apps/bionic	needed
esm-apps/focal	needed
esm-apps/jammy	needed
esm-apps/noble	needed
esm-apps/xenial	needed
esm-infra-legacy/trusty	DNE
focal	ignored	end of standard support, was needed
groovy	ignored	end of life

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

5.9 Medium

CVSS3

Связанные уязвимости

CVE-2020-24392

CVSS3: 5.9

nvd

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

CVE-2020-24392

CVSS3: 5.9

debian

почти 5 лет назад

In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...

GHSA-p6p8-q4pj-f74m

CVSS3: 5.9

github

почти 5 лет назад

Improper Certificate Validation in twitter-stream

4.3 Medium

CVSS2

5.9 Medium

CVSS3

CVE-2020-24392

Описание

Пакет ruby-twitter-stream

Ссылки на источники

Связанные уязвимости