2 matches found
Improper Certificate Validation
Overview jxm is an Incredibly fast messaging backend Affected versions of this package are vulnerable to Improper Certificate Validation in the HTTPS request due to the use of 'rejectUnauthorized': false when 'jxobj.IsSecure' is true. An attacker can intercept or manipulate encrypted traffic by...
CVE-2025-70058
CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...