CVE-2020-24392

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-24392

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-24392.json

Aliases

GHSA-p6p8-q4pj-f74m

Published

2021-02-19T23:15:12Z

Modified

2023-11-29T08:14:21.120956Z

Details

In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).

References

https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
https://github.com/voloko/twitter-stream

Affected packages

Git / github.com/voloko/twitter-stream

Affected ranges

Type: GIT
Repo: https://github.com/voloko/twitter-stream
Events: Introduced

0The exact introduced commit is unknown

Last affected

4b46bb64d04ed59acce3d4fd61cf0f0dbd61461a

Affected versions

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.2

v0.1.3