CVE-2020-24393 – tweetstream
Package
Manager: gem
Name: tweetstream
Vulnerable Version: >=0 <=2.6.1
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00185 (percentile: 0.40549)
Details
Improper Certificate Validation in TweetStream: TweetStream 2.6.1 uses the eventmachine library in an insecure way that does not perform TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.
Metadata
Created: 2021-04-13T15:42:36Z
Modified: 2023-01-26T22:35:31Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-6hrm-jqp3-64cv/GHSA-6hrm-jqp3-64cv.json
CWE IDs: ["CWE-295"]
Alternative ID: GHSA-6hrm-jqp3-64cv
Finding: F163
Auto approve: 1