Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
em-http-request project vulnerabilities and exploits
(subscribe to this query)
5.8
CVSSv2
CVE-2020-13482
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an malicious user to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
Em-http-request Project Em-http-request 1.1.5
Fedoraproject Fedora 32
Fedoraproject Fedora 33
6.4
CVSSv2
CVE-2020-15134
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake ...
Faye Project Faye
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started