MGASA-2021-0172

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0172.html

Import Source

https://advisories.mageia.org/MGASA-2021-0172.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2021-0172

Related

CVE-2020-13482

Published

2021-04-02T20:25:05Z

Modified

2026-01-31T16:48:02.035209Z

Summary

Updated ruby-em-http-request packages fix security vulnerability

Details

Updated ruby-em-http-request packages fix security vulnerability:

A flaw was found in rubygem-em-http-request. The eventmachine library does not verify the hostname in a TLS server certificate which can allow an attacker to perform a man-in-the-middle attack. The highest threat from this vulnerability is to data confidentiality and integrity (CVE-2020-13482).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / ruby-em-http-request

Package

Name: ruby-em-http-request
Purl: pkg:rpm/mageia/ruby-em-http-request?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.7-1.mga7

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2021-0172.json"