CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-13163

em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.2%

CVSS Severity

CVSS v3 Score 7.4

CVSS v2 Score 5.8

References

https://github.com/ConradIrwin/em-imap/issues/25
https://securitylab.github.com/advisories/GHSL-2020-095-conradirwin-em-imap
https://github.com/ConradIrwin/em-imap/issues/25
https://securitylab.github.com/advisories/GHSL-2020-095-conradirwin-em-imap

Products affected by CVE-2020-13163

Em-Imap Project » Em-Imap » Version: 0.5

cpe:2.3:a:em-imap_project:em-imap:0.5

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-13163

Products

Pricing

Contact Us