tiny-json-http missing SSL certificate validation · CVE-2018-1000096 · GitHub Advisory Database · GitHub

tiny-json-http missing SSL certificate validation

High severity GitHub Reviewed Published Mar 13, 2018 to the GitHub Advisory Database • Updated Sep 13, 2023

Package

tiny-json-http (npm)

Affected versions

>= 1.0.1, < 7.0.0

Patched versions

7.0.0

Description

brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks.

References

Published to the GitHub Advisory Database Mar 13, 2018

Reviewed Jun 16, 2020

Last updated Sep 13, 2023

Severity

High

8.1

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

High

Privileges required

None

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H