RedHatRHSA-2021:0937(RHSA-2021:0937) Important: rubygem-em-http-request security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
39.4%
EventMachine based, async HTTP Request client.
Security Fix(es):
- missing SSL hostname validation allows MITM (CVE-2020-13482)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | ppc64le | rubygem-em-http-request-debuginfo | < 1.1.5-4.el7ost | rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.ppc64le.rpm |
| RedHat | 7 | x86_64 | rubygem-em-http-request-debuginfo | < 1.1.5-4.el7ost | rubygem-em-http-request-debuginfo-1.1.5-4.el7ost.x86_64.rpm |
| RedHat | 7 | ppc64le | rubygem-em-http-request | < 1.1.5-4.el7ost | rubygem-em-http-request-1.1.5-4.el7ost.ppc64le.rpm |
| RedHat | 7 | x86_64 | rubygem-em-http-request | < 1.1.5-4.el7ost | rubygem-em-http-request-1.1.5-4.el7ost.x86_64.rpm |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
Percentile
39.4%