Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Serverpod client accepts any certificate
Vulnerability Description
Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
证书验证不恰当
Vulnerability Title
Serverpod 安全漏洞
Vulnerability Description
Serverpod是Serverpod开源的一个 Web 服务器。 Serverpod 1.2.6之前版本存在安全漏洞,该漏洞源于允许攻击者绕过serverpod_client包中所有非web HTTP客户端上TSL证书的验证,导致容易受到中间人对客户端设备和服务器之间加密流量的攻击。
CVSS Information
N/A
Vulnerability Type
N/A