The vulnerability stems from SSL certificate validation being disabled by default. The `_curlPrep()` function applies this insecure configuration directly, setting `CURLOPT_SSL_VERIFYPEER` from the `$strict_ssl` property (default: `false`). The `withoutStrictSSL()` method reinforces the problem by providing an explicit way to disable validation. Together, the insecure default and the public API methods produce the insecure HTTPS behavior.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| nategood/httpful | composer | < 1.0.0 | 1.0.0 |
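
The default described above, shown beside a verifying default and a check that can run in a test suite. This is an added example, not httpful's code or its patch: the class names, `curlOptions()` and `tlsFindings()` are hypothetical, the URL is constructed and never contacted, and the `CURLOPT_*` constants assume PHP's curl extension is loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the pattern described above; not httpful's code.
class InsecureDefaultRequest
{
    public bool $strict_ssl = false; // verification is off unless the caller opts in

    public function withoutStrictSSL(): self { $this->strict_ssl = false; return $this; }

    // Options a _curlPrep()-style method would hand to curl_setopt_array().
    public function curlOptions(string $url): array
    {
        return [
            CURLOPT_URL            => $url,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_SSL_VERIFYPEER => $this->strict_ssl,
        ];
    }
}

// Hardened variant (assumed design): verification on by default, host check pinned to 2.
class StrictDefaultRequest extends InsecureDefaultRequest
{
    public bool $strict_ssl = true;

    public function curlOptions(string $url): array
    {
        return [CURLOPT_SSL_VERIFYHOST => 2] + parent::curlOptions($url);
    }
}

// Returns the TLS verification problems found in a cURL option array.
function tlsFindings(array $opts): array
{
    $findings = [];
    if (array_key_exists(CURLOPT_SSL_VERIFYPEER, $opts) && !$opts[CURLOPT_SSL_VERIFYPEER]) {
        $findings[] = 'CURLOPT_SSL_VERIFYPEER disabled: certificate chain is not validated';
    }
    if (array_key_exists(CURLOPT_SSL_VERIFYHOST, $opts) && $opts[CURLOPT_SSL_VERIFYHOST] !== 2) {
        $findings[] = 'CURLOPT_SSL_VERIFYHOST is not 2: certificate name is not matched to the host';
    }
    return $findings;
}

$url = 'https://api.example.test/'; // constructed sample URL, never contacted
$cases = [
    'insecure default'       => (new InsecureDefaultRequest())->curlOptions($url),
    'strict default'         => (new StrictDefaultRequest())->curlOptions($url),
    'strict, then opted out' => (new StrictDefaultRequest())->withoutStrictSSL()->curlOptions($url),
];
foreach ($cases as $name => $opts) {
    $findings = tlsFindings($opts);
    echo $name, ': ', $findings ? implode('; ', $findings) : 'ok', PHP_EOL;
}
```

The third case shows why a secure default alone is not enough to audit for: any call path that still reaches `withoutStrictSSL()` produces the same unverified connection.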