CVE-2019-1010206

Name of the Vulnerable Software and Affected Versions: OSS Http Request (Apache Cordova Plugin) version 6 OSS Http Request (kevinsawicki/http-request) (affected versions not specified)

Description: The issue concerns missing SSL/TLS certificate validation, which can lead to certificate spoofing. This problem is relevant when using the library for HTTPS communication. The attack vector in this case is also certificate spoofing.

Recommendations: For OSS Http Request (Apache Cordova Plugin) version 6, update the library to a version that includes SSL/TLS certificate validation. For OSS Http Request (kevinsawicki/http-request), at the moment, there is no information about a newer version that contains a fix for this vulnerability.