Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-03-27T18:46:32.750Z

Updated: 2024-08-27T20:30:09.237Z

Reserved: 2024-03-21T15:12:08.997Z

Link: CVE-2024-29887

cve-icon Vulnrichment

Updated: 2024-08-02T01:17:58.177Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-03-27T19:15:49.230

Modified: 2024-11-21T09:08:33.057

Link: CVE-2024-29887

cve-icon Redhat

No data.