Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
em-http-request project vulnerabilities and exploits
(subscribe to this query)
516
VMScore
CVE-2020-13482
EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an malicious user to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
Em-http-request Project Em-http-request 1.1.5
Fedoraproject Fedora 32
Fedoraproject Fedora 33
570
VMScore
CVE-2020-15134
Faye before version 1.4.0, there is a lack of certification validation in TLS handshakes. Faye uses em-http-request and faye-websocket in the Ruby version of its client. Those libraries both use the `EM::Connection#start_tls` method in EventMachine to implement the TLS handshake ...
Faye Project Faye
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started