CVE-2024-41124: [PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`

July 19, 2024

API_URLS is utilizing HTTP instead of HTTPS for communication that can lead to issues like Eavesdropping, Data Tampering, Unauthorized Data Access & MITM Attacks.

References

github.com/ARPSyndicate/puncia
github.com/ARPSyndicate/puncia/commit/033f3b68126eabbb2040ce16e2c3a2ce17437fbd
github.com/ARPSyndicate/puncia/issues/8
github.com/ARPSyndicate/puncia/security/advisories/GHSA-rwcj-7jjp-4w38
github.com/advisories/GHSA-rwcj-7jjp-4w38
nvd.nist.gov/vuln/detail/CVE-2024-41124

Detect and mitigate CVE-2024-41124 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →