Published: 09 Sep 2024
Source: github
Github: Reviewed
CVSS4: 6.9
CVSS3: 7.4
Description
Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation
References
- https://github.com/nategood/httpful/issues/247
- https://github.com/nategood/httpful/commit/44c880e4f559e9215dc6ea9fe50315500c6c2c84
- https://github.com/FriendsOfPHP/security-advisories/blob/master/nategood/httpful/2024-05-01.yaml
- https://github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php#L35
- https://huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb
Packages
Name: nategood/httpful (composer)
Affected versions: < 1.0.0
Fixed version: 1.0.0
Severity
CVSS4: 6.9 Medium
CVSS3: 7.4 High
Weaknesses: CWE-295