Описание
Allegro Tech BigFlow vulnerable to Missing SSL Certificate Validation
Allegro Tech BigFlow prior to 1.6.0 is vulnerable to Missing SSL Certificate Validation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-25392
- https://github.com/allegro/bigflow/pull/357
- https://github.com/allegro/bigflow/commit/4ce197ff99bd38693dea59ab5e9b781fbcef4276
- https://github.com/allegro/bigflow/commit/7e956661f76907594e8c82e8fb0af76dbea2a0fc
- https://lutrasecurity.com/en/articles/cve-2023-25392
Пакеты
Наименование
bigflow
pip
Затронутые версииВерсия исправления
< 1.6.0
1.6.0
Связанные уязвимости
CVSS3: 5.9
nvd
почти 3 года назад
Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation.