EPSS
Percentile
30.3%
In voloko twitter-stream 0.1.16, missing TLS hostname validation allows an attacker to perform a man-in-the-middle attack against users of the library (because eventmachine is misused).
github.com/voloko/twitter-stream
nvd.nist.gov/vuln/detail/CVE-2020-24392
securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream