CVE-2020-13163

Severity CVSS v4.0:
Pending analysis
Type:
CWE-295 Improper Certificate Validation
Publication date:
19/05/2020
Last modified:
04/03/2021

Description

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:em-imap_project:em-imap:0.5:*:*:*:*:*:*:*