Tiny-Http · Tiny-Http · CVE-2023-31486
**Name of the Vulnerable Software and Affected Versions**
HTTP::Tiny versions prior to 0.083
**Description**
The issue is an error in the TLS certificate authentication procedure, allowing a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem stems from an insecure default TLS configuration: certificate verification is off unless the user opts in, which leaves the HTTP::Tiny module open to a man-in-the-middle attack. This could enable an attacker to insert themselves into the communication channel between endpoints, obtaining sensitive information or further compromising the system.
**Recommendations**
For versions prior to 0.083, update to version 0.083 or later to resolve the issue. As a temporary workaround, opt in to TLS certificate verification to minimize the risk of exploitation. Restrict access to sensitive information and communication channels to minimize the impact of a potential man-in-the-middle attack.
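The opt-in described above, as an added example that is not part of this advisory or of the HTTP::Tiny distribution: the weak client relies on the pre-0.083 default, the hardened one sets `verify_SSL`, and the CA bundle path and target URL are assumptions for the illustration.

```perl
#!/usr/bin/env perl
# Added example (not from the advisory): opting in to certificate verification
# in HTTP::Tiny, and auditing an existing client object for the weak default.
use strict;
use warnings;
use HTTP::Tiny;

# Weak configuration: before 0.083 verify_SSL defaulted to 0, so this client
# accepts any certificate the peer presents, including one from an interposed host.
my $unverified = HTTP::Tiny->new;

# Hardened configuration: verify_SSL => 1 makes HTTP::Tiny check the server's
# certificate chain and hostname. SSL_options is passed through to IO::Socket::SSL;
# the CA bundle path is an assumption for this example (omit it to use Mozilla::CA
# or the system bundle).
my $verified = HTTP::Tiny->new(
    verify_SSL  => 1,
    SSL_options => { SSL_ca_file => '/etc/ssl/certs/ca-certificates.crt' },
);

# Audit helper: returns 1 when a client object will verify peer certificates.
# Useful when reviewing code that builds HTTP::Tiny objects in many places.
sub client_verifies {
    my ($http) = @_;
    return $http->verify_SSL ? 1 : 0;
}

printf "unverified client verifies: %d\n", client_verifies($unverified);  # 0 before 0.083
printf "verified client verifies:   %d\n", client_verifies($verified);    # 1

# With verification on, a failed TLS handshake (bad chain, wrong hostname) is
# surfaced as HTTP::Tiny's internal-error status 599 instead of a silent success.
my $res = $verified->get('https://example.invalid/');   # URL is an assumption
if ( !$res->{success} ) {
    print "request failed: $res->{status} $res->{reason}\n";
    print "detail: $res->{content}\n" if $res->{status} == 599;
}
```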