CVE-2020-24393: Improper Certificate Validation

February 19, 2021 (updated March 1, 2021)

TweetStream uses the library eventmachine in an insecure way that does not have TLS hostname validation. This allows an attacker to perform a man-in-the-middle attack.

References

nvd.nist.gov/vuln/detail/CVE-2020-24393

Code Behaviors & Features

Detect and mitigate CVE-2020-24393 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →