Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An information-disclosure issue was discovered in Postman through 6.3.0. It validates a server's X.509 certificate and presents an error if the certificate is not valid. Unfortunately, the associated HTTPS request data is sent anyway. Only the response is not displayed. Thus, all contained information of the HTTPS request is disclosed to a man-in-the-middle attacker (for example, user credentials).
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Postman 安全漏洞
Vulnerability Description
Postman是一款用于网页调试和发送网页HTTP请求的插件。 Postman 6.3.0及之前版本中存在安全漏洞,该漏洞源于程序没有正确的验证服务器端的X.509证书,如果证书无效则会显示错误信息。攻击者可利用该漏洞泄露HTTP请求中的信息,例如用户凭证。
CVSS Information
N/A
Vulnerability Type
N/A