In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
References
Link | Resource |
---|---|
https://github.com/voloko/twitter-stream | Product |
https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream | Exploit Third Party Advisory |
https://github.com/voloko/twitter-stream | Product |
https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 05:14
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/voloko/twitter-stream - Product | |
References | () https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream - Exploit, Third Party Advisory |
Information
Published : 2021-02-19 23:15
Updated : 2024-11-21 05:14
NVD link : CVE-2020-24392
Mitre link : CVE-2020-24392
CVE.ORG link : CVE-2020-24392
JSON object : View
Products Affected
twitter-stream_project
- twitter-stream
CWE
CWE-295
Improper Certificate Validation