Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TLS certificates on all non-web HTTP clients in the `serverpod_client` package, making them susceptible to a man-in-the-middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and hijack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-27T18:46:32.750Z
Updated: 2024-03-27T18:46:32.750Z
Reserved: 2024-03-21T15:12:08.997Z
Link: CVE-2024-29887
NVD Information
Status: Awaiting Analysis
Published: 2024-03-27T19:15:49.230
Modified: 2024-03-28T02:01:13.303
Link: CVE-2024-29887