GHSA-gcfg-hmwx-wq5h: Httpful is Missing Certificate Validation
Httpful has Insecure HTTPS Connections due to Missing Default Certificate Validation
References
- github.com/FriendsOfPHP/security-advisories/blob/master/nategood/httpful/2024-05-01.yaml
- github.com/advisories/GHSA-gcfg-hmwx-wq5h
- github.com/nategood/httpful
- github.com/nategood/httpful/blob/fc8e4274a09529a6ff29b9c6c0a105ee43dbfda5/src/Httpful/Request.php
- github.com/nategood/httpful/commit/44c880e4f559e9215dc6ea9fe50315500c6c2c84
- github.com/nategood/httpful/issues/247
- huntr.com/bounties/8d59c089-92f1-4b73-90f8-54968a70e2fb
Code Behaviors & Features
Detect and mitigate GHSA-gcfg-hmwx-wq5h with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →