CVE-2024-29887 — HIGH (7.4)

Q: How severe is CVE-2024-29887?

CVE-2024-29887 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-29887?

Check the references section above for vendor advisories and patch information. Affected products include: Serverpod Serverpod.

Vulnerability Description

Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.

CVSS Score

7.4

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Serverpod	Serverpod	< 1.2.6

Related Weaknesses (CWE)

CWE-295

References

FAQ

What is CVE-2024-29887?

CVE-2024-29887 is a vulnerability with a CVSS score of 7.4 (HIGH). Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Makin...

How severe is CVE-2024-29887?

CVE-2024-29887 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-29887?

Check the references section above for vendor advisories and patch information. Affected products include: Serverpod Serverpod.