Omkar Parkhe

**Name of the Vulnerable Software and Affected Versions** Uniffle versions prior to 0.10.0 **Description** The Uniffle HTTP client is configured to trust all SSL certificates and disables hostname verification by default. This insecure configuration exposes all REST API communication between the Uniffle CLI/client and the Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks. The vulnerable component is the HTTP client. The affected API communication involves REST API endpoints. **Recommendations** Upgrade to version 0.10.0.