High severity · NVD Advisory · Published Mar 27, 2024 · Updated Aug 27, 2024
Serverpod client accepts any certificate
CVE-2024-29887
Description
Serverpod is an app and web server built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the serverpod_client package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and hijack the connection to the server for this vulnerability to be used. Upgrading to version 1.2.6 resolves this issue.
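An added illustration, not code from the serverpod project or its advisory, of the class of misconfiguration the description refers to, using Dart's dart:io API: an HttpClient that accepts every server certificate beside one that leaves validation to the trust store. The function names and the optional pinned-CA path are assumptions for illustration; the actual remediation is the upgrade to serverpod_client 1.2.6.

```dart
import 'dart:io';

/// Illustrative reconstruction of the weakness class behind CVE-2024-29887:
/// a non-web Dart HttpClient configured to accept any certificate.
/// This is NOT the serverpod_client code; only the dart:io calls are real,
/// the surrounding functions are assumed for illustration.
HttpClient buildInsecureClient() {
  final client = HttpClient();
  // Returning true tells dart:io to continue even when the TLS handshake
  // could not verify the chain, so an on-path attacker presenting a
  // self-signed or forged certificate is silently accepted.
  client.badCertificateCallback =
      (X509Certificate cert, String host, int port) => true;
  return client;
}

/// Hardened form: leave badCertificateCallback unset so the platform trust
/// store decides; optionally trust only a private CA via SecurityContext.
HttpClient buildVerifiedClient({String? pinnedCaPemPath}) {
  SecurityContext? context;
  if (pinnedCaPemPath != null) {
    // withTrustedRoots: false drops the system roots so only the pinned
    // CA file is trusted (assumed path, supplied by the caller).
    context = SecurityContext(withTrustedRoots: false)
      ..setTrustedCertificates(pinnedCaPemPath);
  }
  // No badCertificateCallback: an unverifiable chain now throws a
  // HandshakeException instead of succeeding.
  return HttpClient(context: context);
}

Future<void> main() async {
  final client = buildVerifiedClient();
  try {
    // example.invalid is a reserved name that never resolves; replace with
    // a real host to observe validation behaviour end to end.
    final req = await client.getUrl(Uri.parse('https://example.invalid/'));
    await req.close();
  } on HandshakeException catch (e) {
    // Expected outcome when the server certificate cannot be validated.
    stderr.writeln('TLS validation failed as intended: $e');
  } on SocketException catch (e) {
    stderr.writeln('connection error: $e');
  } finally {
    client.close(force: true);
  }
}
```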
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| serverpod_client (Pub) | < 1.2.6 | 1.2.6 |
References
- github.com/advisories/GHSA-h6x7-r5rg-x5fw (GitHub advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-29887 (NVD entry)
- github.com/serverpod/serverpod/commit/d55bf8d12967fc7955a875cb3e0f9693bd6d2c71 (fix commit)
- github.com/serverpod/serverpod/security/advisories/GHSA-h6x7-r5rg-x5fw (project security advisory)