Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-03-27T18:46:32.750Z
Updated: 2024-08-27T20:30:09.237Z
Reserved: 2024-03-21T15:12:08.997Z
Link: CVE-2024-29887
Vulnrichment
Updated: 2024-08-02T01:17:58.177Z
NVD
Status : Awaiting Analysis
Published: 2024-03-27T19:15:49.230
Modified: 2024-11-21T09:08:33.057
Link: CVE-2024-29887
Redhat
No data.