MitM vulnerability
The file http.rb of the http package fails to call the OpenSSL::SSL::SSLSocket#post_connection_check method to perform hostname verification. Because of this, an attacker with a valid certificate but with a mismatched subject can perform a Man-in-the-Middle attack.