PT-2019-11511 · Kevinsawicki+1 · Oss Http Request

Published

2019-07-23

Updated

2022-05-24

CVE-2019-1010206

CVSS v3.1

5.9

Medium

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: OSS Http Request (Apache Cordova Plugin) version 6 OSS Http Request (kevinsawicki/http-request) (affected versions not specified)

Description: The issue concerns missing SSL/TLS certificate validation, which can lead to certificate spoofing. This problem is relevant when using the library for HTTPS communication. The attack vector in this case is also certificate spoofing.

Recommendations: For OSS Http Request (Apache Cordova Plugin) version 6, update the library to a version that includes SSL/TLS certificate validation. For OSS Http Request (kevinsawicki/http-request), at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

CVE-2019-1010206

GHSA-8MX3-GP3P-VGG7

Affected Products

Oss Http Request

PT-2019-11511 · Kevinsawicki+1 · Oss Http Request

CVE-2019-1010206

Weakness Enumeration

Related Identifiers

Affected Products

References · 4